US privacy group complains about Uber data collection

EPIC asks the U.S. Federal Trade Commission to investigate Uber's new privacy policy

Uber's mobile app.

Uber's mobile app.

Uber Technologies' new data collection policy, allowing the ride-hailing company to access a user's location even when the smartphone app is not actively in use, violates the privacy rights and personal safety of U.S. customers, according to a complaint filed Monday by a privacy group.

With upcoming changes to its privacy policy, Uber "will claim the right to collect personal contact information and detailed location data of American consumers, even when they are not using the service," the Electronic Privacy Information Center wrote in a complaint to the U.S. Federal Trade Commission.

EPIC also objected to Uber's plans to access the information from users' phones' address books and send out promotional materials to contacts listed there.

Currently, Uber's app may access the contact information of other people on users' phones when users perform some functions in the app, such as splitting the fare or sharing their estimated arrival time with others.

It's not clear yet how Uber will ask for additional customer permissions in its app when the company begins to ask for additional data from them.

The changes "ignore past bad practices of the company involving the misuse of location data, pose a direct risk of consumer harm, and constitute an unfair and deceptive trade practice," EPIC said in its request for an FTC investigation.

Uber's new privacy policy, announced in May and scheduled to go into effect July 15, will allow the company's app to collect the precise location of the user's device when the app is running in the background. The company made several changes to its privacy policy in an effort to make it simpler for users to understand and for Uber to track fares, the company has said.

The change would also improve the way Uber's app works, partly by providing a faster approximate arrival time for nearby drivers, the company said.

But EPIC, citing past misuses of customer data by Uber, questioned the new policy. "Virtually everyone who has reviewed the proposed changes in business practices has understood that the company plans even more expansive and more invasive uses of personal data even after it has engaged in egregious practices with the personal data in its possession," EPIC wrote in its complaint.

EPIC has "no basis" for a complaint with the FTC, Uber said in a statement. "We care deeply about the privacy of our riders and driver-partners and have significantly streamlined our privacy statements in order to improve readability and transparency," the statement said. "These updated statements don't reflect a shift in our practices, they more clearly lay out the data we collect today and how it is used to provide or improve our services."

The new privacy policy is half as long as Uber's old one, the company noted. Customers will have more than a month of notice to review the new policy and ask questions, Uber said. Customers will be able to opt out of any new data uses by Uber, a spokeswoman said.

Uber's new policy goes beyond what it needs to provide services, EPIC said in its complaint.

"This collection of user's information far exceeds what customers expect from the transportation service," EPIC wrote. "Users would not expect the company to collect location information when customers are not actively using the app."

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is grant_gross@idg.com.

Join the TechWorld newsletter!

Error: Please check your email address.

Tags Internet-based applications and servicesU.S. Federal Trade CommissionregulationsecuritygovernmentElectronic Privacy Information CenterinternetprivacyUber Technologies

More about CustomersElectronic Privacy Information CenterFederal Trade CommissionFTCIDGNewsTwitterUber

Show Comments
[]