Uber Changes App to Allow Users to Refine Geolocation Tracking

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Jimmy H. Koo

Uber Technologies Inc. announced Aug. 29 that it is moving to allow riders to control their sharing of geolocation tracking information.

The move is the latest in a series of privacy-related policy changes the ride-sharing giant has made since last year; others have been at the behest of federal or state regulators.

Uber will roll out new privacy settings for its application running on mobile devices using Apple Inc.'s operating system over the next few weeks, company spokeswoman Melanie Ensign told Bloomberg BNA Aug. 29.

The company’s updated app will have three user settings for geolocation data collection. Users will be able to always allow Uber to collect location information; only allow information collection while the app is in use; or prevent Uber from collecting the information. Before the change, the app didn’t include the intermediate privacy setting.

Ensign said that the new settings will be rolled out in phases, and “not every user will see the changes right away.” Uber is also working on making the changes for mobile devices running on the Android operating system “to offer parity in transparency and choice across both platforms,” she said.

Previous Privacy Claims

Uber’s announcement came two weeks after the company reached a no-fault agreement settling Federal Trade Commission allegations over data security and privacy claims involving sensitive consumer data stored in the cloud.

The FTC alleged that the San Francisco-based company failed to monitor employee access to consumer data and failed to reasonably secure data stored in the cloud.

Under the settlement, Uber will implement a comprehensive privacy program and conduct independent privacy and security audits on a regular basis for 20 years. Privately-held Uber won’t pay a fine under the terms of the order, but could face monetary penalties for failure to follow the agreement.

Ensign said Uber’s decision to roll out new privacy settings was unrelated to any FTC action and was “motivated by user feedback and we’ve been working on it for a while.”

Uber settled a privacy enforcement action by the New York attorney general in January 2016 over allegations that company executives had access to riders’ locations and that Uber displayed the information in an aerial view called “God View.”

Uber agreed to store geolocation information in “a password-protected environment” under that settlement, and to encrypt the information during transit. The company also agreed to limit access to geolocation information to certain designated employees with “a legitimate business purpose.”

Uber’s main competitor, Lyft Inc. may collect location data even when its app is off, according to Lyft’s privacy policy. Lyft spokeswoman Alexandra LaManna told Bloomberg BNA Aug. 29 that Lyft “doesn’t currently collect this data for passengers and has no immediate plans to.”

LaManna said that if the privately-held Lyft’s geolocation data collection policy changes, “users will be in total control over whether or not they choose to share this kind of information.”

To contact the reporter on this story: Jimmy H. Koo in Washington at jkoo@bna.com

To contact the editor responsible for this story: Donald Aplin at daplin@bna.com

For More Information

Full text of Uber's guidance on geolocation data collection policy is available at http://src.bna.com/r4Q.

Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.

Request Bloomberg Law: Privacy & Data Security