Is Your Uber Travel Data Safe? Company Faces Decades Of FTC Audits

Uber has started settling its multiple disputes with the Federal Trade Commission (FTC) — the government agency for consumer protection — which announced Tuesday it has agreed to 20 years of FTC privacy audits. The settlement was a result of an investigation into Uber’s doxing — publishing private information online — of journalists critical of the company.

Uber was also under investigation for a God View tool which provided its employees access to user data. This was called ‘public stalking’ by high-profile users such as entrepreneur Peter Sims. The company also had a secret method of blocking users called Greyballing. It showed only ghost cars, i.e. those which were present only in the app rather than real cars, allowing Uber to skirt law enforcement officials when not operating in zone allowed by a city’s authorities.

“Respondent has engaged in a number of practices that, taken together, failed to provide reasonable security to prevent unauthorized access to Rider and Driver personal information… “It is further ordered that, in connection with its compliance with the Provision of this Order titled Mandated Privacy Program, Respondent must obtain initial and biennial assessments,” the FTC document said in addition to ordering privacy assessments by a third party.

Uber has to report to FTC for the first 180 days and then go for an assessment every two years for following 20 years.

But, is your user data, including the most important location data on the app safe?

Uber submitting to an FTC assessment for the first six months means the data will go into the hands of a government authority. Furthermore, it is not yet known whether the data from private assessor will have FTC oversight.

But one thing is certain. The kind of access Uber employees have to your data will be under strict scrutiny.

"Uber failed consumers in two key ways: First by misrepresenting the extent to which it monitored its employees’ access to personal information about users and drivers, and second by misrepresenting that it took reasonable steps to secure that data. This case shows that, even if you’re a fast-growing company, you can’t leave consumers behind: you must honor your privacy and security promises," FTC Acting Chairman Maureen Ohlhausen said in a statement.

Since there are no federal privacy laws, the government currently cannot hold Uber’s feet to the fire when it comes to following its own stated privacy policy. Yet the FTC has been trying its best — besides Uber, Google, and Facebook in the past have been ordered to undergo 20 years of privacy audits.

Uber itself has previously been fined $20 million by the FTC for misleading them about how much money they could make.

"People always complain that this is a slap on the wrist compared to Europe. But there's only so much the FTC can do." Woodrow Hartzog, a professor of law and computer science at Northeastern University School of Law, told Wired Tuesday.