By Praveen Kannan and Anna Strokolyst The Hotspot Shield team believes the internet should be open and secure …
Out for a night on the town and need a safe ride home? Sure, you could call a taxi, but why do that when you have the Uber app right on your phone? Uber is a convenient, relatively cheap way to get where you need to go, but the service has its drawbacks.
One of those drawbacks relates to the outcry over Uber’s data privacy policies. Uber’s customers, partners, and even governments voice concern about how the ride share service handles consumer data that should remain private. What issues are behind the problem? What steps is Uber taking to ameliorate it?
Rapid Growth Contributes to the Problem
A few years ago, Uber was a novelty, and many people didn’t have a clue about how it worked. Today, the service is commonplace and part of everyday life in almost 300 cities across the world. While that rapid expansion is great for Uber, it doesn’t come without its growing pains. As a blog post on The New York Times website points out, “As Uber grew, the company did not properly scale its internal data privacy tools and policies at a fast enough pace.”
Is Uber about to slow down and reevaluate its policies before it expands into even more cities? It seems unlikely. The start-up is always looking for new territories to claim; however, part of their new take on security is to be more conscious of regulators’ wishes in Europe and the Asia-Pacific area. Perhaps the company’s imminent growth will take place with a little more finesse than in the past.
Of course, growth at breakneck speed might seem like more of an excuse than a valid reason for data privacy slip-ups. For example, Uber used to have what they called a “God View” option for employees that allowed them to track riders in real time. That feature is no longer extant, but it still illustrates a startling lack of sensitivity to their riders’ right to privacy.
A Mangled Reputation
Uber’s seemingly overnight popularity occurred in no little part thanks to its aggressive stance on business. As CNBC brings out, Uber “once somewhat prided itself on its antagonistic attitude.” It’s no secret that taxi drivers do not like Uber; they feel that the services hurt their business because of its cheap fares and that the drivers don’t generally expect tips. And Uber doesn’t really care how taxi drivers feel about the situation.
However, taxi drivers aren’t the only ones with a sour taste in their mouths when it comes to Uber. The service has faced some monumental legal struggles both in the United States and abroad. Just a few examples:
- In December 2014, Uber had to suspend its services in Portland, Oregon after the city accused it of operating an illegal transportation service.
- In mid-January 2015, South Carolina ordered Uber to stop operating in the state.
- Also in January, a woman in India filed a suit against Uber, claiming that a driver sexually assaulted her.
- In December 2014, Thailand’s Department of Land Transport ordered the company to halt its operations in the country.
Indeed, Uber is a business bad guy. However, if they wish to continue to thrive and maintain their $40 billion worth, they need to eat a big portion of humble pie. Uber seems to recognize that fact. In their efforts to put a better face on the company, they recently issued a promise to tighten up their data privacy policies. It also seems likely that they will put forth more effort to establish amicable relationships with authorities.
Troubling Incidents Lead to an Audit
The litany of Uber troubles doesn’t stop with friction with taxi drivers and governments. Uber’s vice president once suggested that they dig into the personal lives of critical journalists; one man claimed that Uber broadcasted his location data to a crowd in Chicago, and BuzzFeed reported that Uber accessed the ride history of one journalist.
Not long after that last incident, Uber issued a promise to work on their approach to data privacy. It started with an audit. Harriet Pearson of the Washington law firm Hogan Lovells oversaw the audit. What were Pearson’s conclusions?
Audit Reveals a “Strong Policy” with “Room for Improvement”
The New York Times article mentioned earlier quotes Pearson as saying, “Uber has put a strong privacy program in place. Is there room for improvement? Yes.”
As things are, Uber gives employees informal reminders about data privacy with little real training. Part of Uber’s new promise about privacy is to follow all the recommendations of the audit, which include an admonition to implement a mandatory training program that delves into data security and privacy.
Training isn’t the only thing lacking for Uber. Time magazine posed some questions that remain unanswered by the rideshare giant:
- How many Uber employees can see personal data? Uber doesn’t provide an exact figure here, but they do claim that only employees who have legitimate reason to access the data can do so.
- How does Uber prevent employees from looking at personal data? There is a system of passwords and other technical measures in place. The details are fuzzy, but the audit found that Uber’s monitoring system is effective.
- Does Uber discipline employees for privacy violations? Time says, “Uber won’t say. We know that Uber ‘disciplined’ New York executive Josh Mohrer in November for tracking that Buzzfeed reporter’s ride…Other than that, we don’t have any evidence Uber employees committed any other privacy violations.”
Can You Trust Uber?
No one questions Uber’s usefulness, but the doubts surrounding their data privacy policies are enough to make anyone think twice about using the service.