16.08.2017

FTC & Uber: Compromise in the matter of Uber's data protection policy

August 15th, 2017 the Federal Trade Commission (FTC) announced an agreement with Uber Technologies Inc. concerning its data protection policy. In particular, Uber will implement a comprehensive privacy program. In a preceding complaint FTC alleged that the company did not fulfill its own privacy and data security requirements. Another allegation against Uber is concerning the development and usage of an IPhone-App-tracker (read more at Kennedy, Uber's IPhone Tagging Caper, CRi 4/2017, 111-113).

Federal Trade Commission, 15.8.2017
The charges
The FTC alleged Uber to misrepresent the extent to which its employees had access to information about riders and drivers and the monitoring of this access. Furthermore, the FTC puts forward that in its opinion sensitive personal data Uber stored on a third-party cloud provider's server is not securely locked down. Although Uber had the possibility to adopt suitable measures, the data were easy of access and private information was stored in plain readable text in the cloud, which ended up in a hacker attack in 2014 with 100,000 names and drivers licenses numbers uncovered.

The background
As allegations had come up in 2014, Uber stated to have strict regulations concerning its employees' access to user data and reasonable security measures to prevent unauthorized access. Nevertheless, it only used its automated access monitoring system for less then a year.

The agreement
According to the FTC's report, Uber is now prohibited to misrepresent how it monitors the employees' access to consumer data and how it protects and secures the data. In addition, Uber agreed to launch a comprehensive privacy program that addresses privacy risks related to new and existing products and services and guarantees the privacy of all personal data collected. Moreover, the company will implement regular third-party audits certifying the privacy program.

Links:
Click here to read the FTC's press release.

Federal Trade Commission, Press Release, August 15th, 2017
Zurück