Uber Driver/Customer Data Sharing Raises Privacy Concerns

Duncan MacRae is former editor and now a contributor to TechWeekEurope. He previously edited Computer Business Review's print/digital magazines and CBR Online, as well as Arabian Computer News in the UAE.

Follow on:

Uber disclosed info on 14 million of its users to US law enforcement and regulatory agencies, according to its transparency report

Uber handed US law enforcement agencies info on its drivers and riders hundreds of times in the last six months of 2015 following information requests.

The extent of the requests is detailed in the ride share firm’s inaugural transparency report released by Uber this week. The report provides a comprehensive overview of information that was provided to US state and local regulators and law enforcement agencies between July and December 2015.

Regulated transportation sector

Uber connects riders and drivers in a highly regulated transportation sector. Regulatory agencies like the California Public Utilities Commission and the New Orleans Department of Safety and Permits oversee offline services like electricity, construction and taxis in addition to Uber rides. They are empowered by law to require regulated transportation companies to report information about their operations.

UberUber explained: “Like other companies, we receive requests from law enforcement agencies for information about our riders and drivers during the course of a criminal investigation or other emergency.”

The statistics in the report show how many law enforcement requests Uber received from local, state and federal authorities in the US, the type of legal process they used, the number of riders and drivers affected by these requests and how often Uber responded with relevant information.

Uber was subpoenaed for rider data 312 times, driver data 138 times and general data 267 times between July and December 2015. Uber says it handed over “some” data in more than 82 percent of those instances

The company also received 90 search warrants, 30 emergency requests and 28 court orders. Again, “some” information was produced in about 80 percent of those cases. There were 368 data requests from state law enforcement agencies and 47 federal requests. In total, Uber disclosed data on 14 million of its users to US law enforcement and regulatory agencies.

An Uber spokesperson said: “Uber receives law enforcement requests for information related to criminal investigations, and may provide information about specific trips, riders or drivers in response.

“Our dedicated team of experts, who are trained to manage these requests, ensures that any disclosure of information is consistent with our internal policies and applicable law. For example, we may require a subpoena, court order, or search warrant before providing different types of information.”

Uber said it often tries to narrow the scope of regulators’ requests, adding: “Of course regulators will always need some amount of data to be effective, just like law enforcement. But in many cases they send blanket requests without explaining why the information is needed, or how it will be used.”

Gautam Hans, San Francisco-based policy counsel at the Center for Democracy & Technology, a nonprofit that focuses on Internet privacy issues, notes that, historically, there has not been much public awareness or oversight regarding privacy and data requests.

He told California-based Mercury News: “There’s very little to stop them from saying ‘give us more data and we’re still not going to tell you why, otherwise we’re going to shut you down’.”

In future, Uber hopes to release reports on data requests it has received in the other 60-plus countries it operates in.

Are you an expert on data privacy? Take our quiz to find out!