Uber Pulls Rider Tracking Feature After Settling FTC Privacy Violations
Over the last couple years, Uber has become virtually synonymous with legal troubles. They’ve faced case after case on everything from employment law to trade secret issues to sexual harassment lawsuits to simple failure to comply with DMV registration requirements. However, their most recent legal hot water has dealt with privacy law, the Federal Trade Commission (FTC), and false representations. Just a few weeks ago, these issues culminated in an FTC settlement agreeing to-among other things-20 years of FTC oversight.
As part of the settlement, Uber has agreed to overhaul their privacy policies and the implementation of those policies. One of the first of these changes has involved the removal of a much criticized rider tracking feature. For a while included a much criticized default feature that tracked user location for five to ten minutes after they got out of the car. You can already see how this might be abused. However, the feature was made even more of an issue by the fact that users had to jump through in-app hoops each time they looked for a ride if they wanted to not be tracked. The feature was apparently meant as a security measure for riders. However, the combination of Uber never really explaining the purpose of the feature to users and-as you’ll see as we discuss the settlement-Uber’s less than stellar track record when it comes to securing user data made pulling the rider tracking a near necessity.
This is likely the first step of many Uber will take in response to the FTC oversight it will face for the next couple decades. Let’s take a look at the problems that got them in this situation in the first place-the charges brought against them by the FTC, exactly what the settlement does, and how you can avoid Uber’s mistakes.
The FTC Charges
The FTC is an agency, created by the Federal Trade Commission Act, with the goal of eliminating unfair competition and promoting consumer protection. They do this in a number of way but primarily by bringing charges against companies that either deceive or treat consumers unfairly. This includes things like false advertising, false business claims, breach of contract, scams, product defects, and more.
In Uber’s case, the charges brought by the FTC dealt with privacy issues. However, privacy at a federal level is a tricky concept. There’s no real guaranteed rights to privacy beyond the expectation of privacy which limits how the government may search and seize you and your property. When it comes to private companies, privacy protections exist but mainly as a web of federal statutes which apply piecemeal to specific situations such as credit reporting, finances, health information, etc. This being said, an enormous number of companies in this day and age have privacy policies which dictate their own stance on how they will behave regarding customers private information. This usually deals with the handling of personally identifiable information-things which can tell people who you are or where you are-rather than more general metadata. However, when a company represents that they will treat private information in a certain way then doesn’t follow its own privacy policies this creates a false representation situation. This was the gist of the FTC’s charges.
First, the FTC charged Uber with misrepresenting the extent to which it monitored its employees’ access to personal information about users and drivers. Second, they said that Uber represented the things they did to protect that information-no surprise given that Uber had an enormous 100,000 user data breach back in 2014.
Avoiding Uber’s Mistakes