Uber, facing public backlash, will rethink privacy

The company is working with a DC law firm to assess its policies

Silicon Valley-based ride-sharing company Uber is looking eastward to inject some wisdom into how it handles user data.

Reeling from public outcry over alleged data abuses, Uber is working with a law firm in Washington, D.C., to conduct an in-depth review and assessment of its policies, it said Thursday.

It's unclear what specifically Uber is looking to change, but addressing the circumstances around which Uber can access and view customers' rider logs and trip histories seems to be a focus.

"The trip history of our riders is important information and we understand that we must treat it carefully and with respect, protecting it from unauthorized access," the company said in its announcement.

"Ensuring that we have strong policies and practices in this fast-paced world of technology must be a constant quest," Uber said.

An Uber spokeswoman declined to comment further on what areas of Uber's data use policies the law firm would be looking at.

Uber appears to have chosen able experts. The law firm Hogan Lovells is at the forefront of data privacy issues, recently launching a new practice focused on drones. Leading the assessment of Uber's policy is attorney Harriet Pearson, former chief privacy officer at IBM, who has advised companies on privacy issues and regulatory compliance matters.

A wave of criticism has been leveled at Uber this week, following remarks made by a senior executive suggesting Uber was planning to hire researchers to dig up dirt on journalists giving the company bad press, as reported on BuzzFeed .

Then came a report that Uber had a cavalier attitude toward some customers' data, employing a tool called "god view" that lets employees access and view rider logs without riders' permission. The tool had been used to view the travel logs of at least one journalist who had been covering the company, according to BuzzFeed.

Senator Al Franken, a Minnesota Democrat, sent a stern letter to Uber CEO Travis Kalanick Wednesday, demanding answers about the company's "troubling disregard for customers' privacy."

Uber has stressed that it prohibits employees from accessing rider or driver data, except for a limited set of "legitimate business purposes."

But even if individual rider data is not accessed except in narrow circumstances, Uber's aggregated data could still give rise to privacy concerns, or rub people the wrong way. Two years ago, Uber organized rider data to track one-night stands in various cities.

Attorneys at Hogan Lovells did not respond to a request for comment about what areas of Uber's policies they would be focusing on.

Uber's full data use policy is exhaustive and at times difficult to grasp, carrying statements like, "we may use your personal information or usage information we collect about you ... for internal business purposes."

Lawyers are likely to first home in on how Uber handles individual people's data in an attempt to curb abuse, said Andrew Crocker, a legal fellow at the Electronic Frontier Foundation.

"You can infer that Uber is taking this seriously and they recognize people are upset," he said in an interview.

Whether Uber can repair the damage around its public image is another question. Some users have since said they've deleted the Uber app from their phones, but the convenience of Uber's service might outweigh privacy concerns for other people.

Privacy concerns routinely surface among users of services like Facebook and Google. But Uber is in a different situation, with executives allegedly taking an interest in people's private lives and geolocation, for reasons that are questionable at best and unethical at worst.

It's these sorts of issues that lawyers are likely to focus on within the confines of Uber's practices, EFF's Crocker said.

Broader issues around Uber's data collection and the use of data are important, "but more front of mind now are these individual incidents and anecdotes," he said, adding, "they're definitely in damage control mode now."

Zach Miners covers social networking, search and general technology news for IDG News Service. Follow Zach on Twitter at @zachminers. Zach's e-mail address is zach_miners@idg.com

Join the CSO newsletter!

Error: Please check your email address.

Tags UberInternet-based applications and servicessecuritymobilesocial mediainternetprivacy

More about EFFElectronic Frontier FoundationFacebookGoogleIDGNewsPearsonUber

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Zach Miners

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place