Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Privacy

Uber Settles Complaint Over Data Protection for Riders, Drivers

Uber agreed to implement new data protection measures to settle complaints that it failed to prevent improper snooping on driver and customer information, officials said Tuesday.

Uber agreed to implement new data protection measures to settle complaints that it failed to prevent improper snooping on driver and customer information, officials said Tuesday.

The ridesharing giant had faced complaints that it allowed some employees to use the “God view” to monitor customer movements that could allow Uber managers to keep tabs on journalists investigating the ridesharing giant.

A separate complaint said that Uber had also failed to prevent a data breach that allowed hackers to gain access to personal information on some 100,000 drivers.

The Federal Trade Commission announced a settlement on an investigation into allegations that Uber failed to live up to data protection claims.

“Uber failed consumers in two key ways: First by misrepresenting the extent to which it monitored its employees’ access to personal information about users and drivers, and second by misrepresenting that it took reasonable steps to secure that data,” said FTC acting chairman Maureen Ohlhausen in a statement.

“This case shows that, even if you’re a fast growing company, you can’t leave consumers behind: you must honor your privacy and security promises.”

The settlement contains no financial penalty, but Uber agreed to implement “a comprehensive privacy program” that will include independent audits, the FTC said. If it fails to live up to the agreement it could face fines.

The agency which enforces consumer and privacy protection said Uber had announced in November 2014 — but failed to enforce — a “strict policy” prohibiting employees from accessing rider and driver data except for legitimate business purposes.

Advertisement. Scroll to continue reading.

The FTC added in a statement that Uber “did not take reasonable, low-cost measures” that could have prevented a breach by using better practices to protect data in the internet cloud.

Uber, which has become the world’s most valuable venture-backed startup despite complaints from regulators and others, has been roiled by a series of revelations about a toxic work culture and questionable business practices.

Its chief executive Travis Kalanick resigned in June, but investors and board members are battling over his successor and a lawsuit by one investor alleges Kalanick has been working behind the scenes to manipulate the board.

Related: Uber Lures Facebook Security Chief Joe Sullivan to be CSO

Related: Uber Slip Exposes Data of Some US Drivers

Written By

AFP 2023

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Privacy

Many in the United States see TikTok, the highly popular video-sharing app owned by Beijing-based ByteDance, as a threat to national security.The following is...

Privacy

Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...

Application Security

Open banking can be described as a perfect storm for cybersecurity. At one end, small startups with financial acumen but little or no security...

Mobile & Wireless

As smartphone manufacturers are improving the ear speakers in their devices, it can become easier for malicious actors to leverage a particular side-channel for...

Government

The proposed UK Online Safety Bill is the enactment of two long held government desires: the removal of harmful internet content, and visibility into...

Cloud Security

AWS has announced that server-side encryption (SSE-S3) is now enabled by default for all Simple Storage Service (S3) buckets.