In re: Uber Privacy Policy

• Background |
• EPIC's Complaint |
• Legal |
• Resources |
• News Reports

Top News

• Court of Appeals Vacates FTC's LabMD Order, Finding It Lacked Specifics: The Court of Appeals for the Eleventh Circuit has vacated an administrative order by the Federal Trade Commission, which required the medical testing company LabMD to implement "reasonable" data security measures, finding that the order was not specific enough to be enforceable. The court explained that the FTC can require companies to implement data security measures as long as it provides specific guidance. EPIC has repeatedly urged the FTC to mandate specific data security requirements in consumer privacy settlements, including in comments on recent settlements with Uber and PayPal. EPIC also submitted an amicus brief in FTC v. Wyndham, a case in which the Third Circuit Court of Appeals upheld the FTC's authority to enforce data security standards. (Jun. 7, 2018)
• EPIC Urges FTC To Strengthen Revised Settlement with Uber: In detailed comments to the Federal Trade Commission, EPIC urged the FTC to strengthen a revised settlement with Uber. The FTC reached a settlement with Uber back in August of 2017 for its numerous privacy abuses, including secretly tracking riders and using software to evade authorities. But shortly after announcing the settlement, the FTC discovered that Uber had hid a massive data breach and used its bug bounty program to pay off the hackers. As a result, the FTC required Uber to submit all of its privacy assessments to the Commission. While EPIC supported the FTC’s action, EPC said that "the FTC should make Uber's privacy assessments public so that consumers can evaluate whether the company is meeting its obligations under the Consent Order." The FTC's initial investigation and subsequent settlement with Uber were prompted by EPIC's complaint against Uber's in 2015. (May. 15, 2018)
More top news »
FTC Strengthens Penalties Against Uber for Covering Up Data Breach » (Apr. 12, 2018)
The Federal Trade Commission has strengthened its 2017 settlement with Uber because the company hid a massive data breach and bug bounty program in 2016. Under the revised settlement, Uber must submit all of its privacy audits to the FTC, and will face civil penalties if it fails to disclose another breach. In February 2018, EPIC advised Congress that "bug bounty programs do not excuse non-compliance with data breach notification laws." The FTC's 2017 settlement with Uber was the result of EPIC's 2015 complaint to the Commission detailing Uber's numerous privacy abuses. In public comments, EPIC advised the FTC to strengthen the settlement by making all of Uber's privacy audits available to the public.
EPIC Offers Recommendations for Future of FTC Ahead of Senate Hearing on Nominees » (Feb. 13, 2018)
In advance of a Senate hearing on four nominees to the Federal Trade Commission, EPIC recommended 10 steps for the FTC to safeguard American consumers. EPIC explained that the FTC's failure to address the data protection crisis has contributed to unprecedented levels of data breach and identity theft in the United States. EPIC helped establish the FTC's authority for consumer privacy and has urged the FTC to safeguard American consumers in cases involving Microsoft, Google, Facebook, Uber, Samsung and others. EPIC also filed a lawsuit against the FTC when it failed to enforce a consent order against Google.
EPIC Advises Congress on Uber Data Breach, Bug Bounties » (Feb. 5, 2018)
EPIC submitted a statement to the Senate in advance of a hearing to examine the October 2016 Uber breach and the value of bug bounty programs. Last fall, Uber admitted that hackers stole the data of 57 million Uber customers and drivers and that the company paid the hackers $100,000 to delete the data. This has raised legal questions about Uber's failure to notify those affected by the breach and about "bug bounty" programs, where companies pay hackers that bring vulnerabilities to their attention. EPIC explained to the Senate that, "bug bounty programs do not excuse non-compliance with data breach notification laws." EPIC's 2015 complaint with the FTC regarding Uber's abuse of personal data led to an FTC settlement in August, 2017. EPIC has also proposed a privacy law for Uber and other similar transportation companies.
Data Breaches on the Rise » (Jan. 25, 2018)
2017 marked the "worst year ever" for data breaches, according to a pair of reports by Thales and the Online Trust Alliance. Data breaches nearly doubled from 2016 to 2017, and 73% of all U.S. companies have now been breached. Noteworthy were the data security failures of Equifax and Uber. In testimony before the Senate Banking Committee following the Equifax breach last year, EPIC called on Congress to enact meaningful reforms, including default credit freezes and prompt data breach notification. Two years ago, EPIC launched the DataProtection2016 campaign to promote stronger privacy safeguards in the U.S.
Senator Warner Questions Uber CEO On Why It Hid Data Breach » (Nov. 28, 2017)
Senator Mark Warner sent a letter to the Uber CEO, Dara Khosrowshahi, questioning him about why the company covered up a data breach that affected 57 million consumers last year. Uber recently admitted that it hid a massive data breach from the public and paid the hackers $100,000 to delete the data. The stolen data included names, e-mail addresses, phone numbers, and drivers' licenses. Senator Warner told the Uber CEO that he had "grave concerns about your handling of a breach," including the fact that the company disclosed the breach to investors but not the public. Senator Warner has co-sponsored bipartisan legislation that would provide consumers with one free credit freeze per year and protect the credit ratings of veterans wrongly penalized by medical bills. EPIC's 2015 complaint with the FTC regarding Uber's abuse of personal data led to an FTC settlement in August, 2017. EPIC has also proposed a privacy law for Uber and other ride-sharing companies.
Uber Hid Massive Data Breach For Over A Year And Paid Hackers » (Nov. 21, 2017)
Uber just admitted that hackers stole the personal data of 57 million Uber customers and drivers in October 2016. The data included names, e-mail addresses, phone numbers, and the license numbers of 600,000 drivers. Rather than disclose the data breach to the public, as required by law, Uber paid the hackers $100,000 to delete the information. Uber has a well-documented history of abusing consumer privacy. EPIC recently testified in the Senate for strong data breach legislation that would require companies to immediately notify affected consumers of data breaches. EPIC filed a complaint with the FTC in 2015 regarding Uber's egregious misuse of personal data. That complaint led to an FTC settlement with Uber in August, 2017. In 2015, EPIC also proposed a privacy law for Uber and other ride-sharing companies.
EPIC Urges FTC To Strengthen Privacy Settlement With Uber » (Sep. 15, 2017)
In detailed comments to the Federal Trade Commission, EPIC urged the FTC to strengthen a proposed settlement with Uber. The FTC's investigation and subsequent settlement was prompted by EPIC's 2015 complaint, which detailed Uber's secretive tracking of customers and surreptitious collection of user data. EPIC recommended that the FTC require Uber to end collection of customer data beyond what is necessary to provide the service and to mandate that Uber implement stronger privacy safeguards. As EPIC highlighted in the original complaint, Uber has a history of abusing consumer privacy. EPIC has previously pursued FTC complaints concerning Google, Facebook, WhatsApp, and Snapchat. The FTC is obligated to consider public comments before finalizing a proposed settlement.
EPIC Urges Public Comments on FTC Settlement with Uber » (Sep. 6, 2017)
EPIC is urging the public to comment on the proposed FTC settlement with Uber regarding consumer privacy. (Federal Register Notice). The FTC settlement follows EPIC's 2015 complaint, which detailed Uber's secretive tracking of customers and surreptitious collection of user data. The proposed settlement requires regular privacy audits of Uber by third parties but fails to make substantial changes in the companies business practices or require the company to delete the personal data that was wrongfully obtained. The deadline to file a comment with the FTC is September 15, 2017. The FTC is required to consider public comments before finalizing a proposed settlement. EPIC has previously pursued FTC complaints concerning Google, Facebook, WhatsApp, and Snapchat. EPIC also recently filed an FTC complaint to stop Google from tracking in-store purchases.
Following EPIC Complaint, Uber Agrees To Stop Tracking Riders » (Aug. 29, 2017)
Uber has ended the practice of tracking customers before and after they are picked up. In 2015, Uber announced the company would track the location of riders from the time they ordered a ride until after they had reached their destination. EPIC promptly filed a complaint with the FTC and stated that "This collection of user's information far exceeds what customers expect from the transportation service." The end to Uber's tracking of riders comes two weeks after Uber entered into a consent agreement with the FTC following a complaint filed EPIC that highlighted Uber's history of misusing customer data. But EPIC said the FTC settlement does not go far enough. "The FTC should have imposed stronger sanctions on Uber, required the company to disgorge the personal data it had unlawfully obtained, and required the company to restore the original privacy settings," said EPIC President Marc Rotenberg. EPIC has previously pursued FTC complaints concerning Google, Facebook, WhatsApp, and Snapchat. EPIC recently filed an FTC complaint to stop Google from tracking in-store purchases.
After EPIC Privacy Complaint, Uber Settles with FTC » (Aug. 15, 2017)
After an EPIC complaint about Uber's privacy practices, Uber has entered into a consent agreement with the FTC. The agreement prohibits Uber from misrepresenting how it monitors or secures consumer information. As with most FTC privacy settlements, the agreement also requires Uber to implement a comprehensive privacy program and obtain periodic independent third-party audits. In 2015, EPIC filed a complaint with the Federal Trade Commission charging that Uber's plan to track users and gather contact details was an unlawful and deceptive trade practice. EPIC cited Uber's history of misusing customer data as one of many reasons the Commission should act. EPIC has previously pursued successful FTC complaints concerning Google, Facebook, WhatsApp, and Snapchat. EPIC recently filed an FTC complaint to stop Google from tracking in-store purchases.
News Report: FTC to Act on EPIC's Uber Complaint » (Jun. 15, 2017)
According to news reports, the FTC is pursuing EPIC's privacy complaint regarding Uber. In 2015, EPIC filed a complaint with the Federal Trade Commission charging that Uber's plan to track users and gather contact details was an unlawful and deceptive trade practice. EPIC cited Uber's history of misusing customer data as one of many reasons the Commission should act. EPIC has previously pursued successful FTC complaints concerning Google, Facebook, WhatsApp, and Snapchat. The FTC complaints typically lead to settlements following a change in business practices. EPIC has also recommended comprehensive privacy legislation for Uber.
In Merger Reviews, EPIC Advocates for Privacy, Algorithmic Transparency » (May. 9, 2017)
EPIC has sent a statement to the Senate Judiciary Committee ahead of a hearing on the new Antitrust Chief. EPIC urged the Committee to consider the role of consumer privacy and data protection in merger reviews. EPIC warned that "monopoly platforms" are reducing competition, stifling innovation, and undermining privacy. EPIC pointed to the FTC's failure to block the Google/DoubleClick merger which accelerated Google's dominance of Internet advertising and the WhatsApp/Facebook merger which paved the way for Facebook to access confidential WhatsApp user data. EPIC also suggested that "algorithmic transparency" would become increasingly important for merger analysis. EPIC is a leading consumer privacy advocate and regularly submits complaints urging investigations and changes to unfair business practices.
Uber Expands Data Collection, Tracks Users, as Transport Services Case is Heard by European Court » (Dec. 1, 2016)
Uber is now routinely tracking the location of all of its users, even when they are not using the transportation service. Last year, EPIC filed a complaint with the FTC after Uber announced the plan to collect location data when the app operated in the background. EPIC said that Uber had engaged in unfair and deceptive trade practice. The FTC failed to act and Uber is now tracking users non-stop. In Europe, Uber is facing legal action as the European Court of Justice considers whether the company should be considered a transportation service, subject to the same rules as its competitors, or a digital platform, which operates outside the law.
Uber, New York AG Reach Settlement Over Rider Data Privacy Practices » (Jan. 7, 2016)
The New York Attorney General’s office has announced a settlement in its investigation of Uber’s collection and misuse of rider locational data, as well as its failure to provide timely notice of a data breach affecting 50,000 Uber drivers. The investigation was prompted by public outcry over Uber’s “God View” tool that allowed Uber employees to obtain a specific rider’s real-time and historic location data without permission. The settlement requires the Uber to encrypt rider locational data and enhance its data security. EPIC previously filed a complaint with the FTC, charging that Uber’s plan to track users and gather contact details is an unlawful and deceptive trade practice. In the Huffington Post, EPIC also recommended privacy law to regulate Uber and other companies in the ride-sharing industry.
EPIC Files FTC Complaint Against Uber about Plan to Track Users and Gather Contact List Data » (Jun. 22, 2015)
EPIC has filed a complaint with the Federal Trade Commission, charging that Uber's plan to track users and gather contact details is an unlawful and deceptive trade practice. EPIC cites Uber's history of misusing customer data as one of many reasons the Commission must act. EPIC has also recommended comprehensive legislation for Uber and other similar companies. EPIC has previously pursued successful complaints at the FTC concerning Google, Facebook, WhatsApp, Snapchat and other firms. The complaints typically lead to investigations and then to settlements following a change in business practices.
Senator Franken Questions Uber About Use of Passenger Data » (Dec. 17, 2014)
Senator Franken has received a response from Uber about the the ride-sharing company's privacy practices. Last month, Franken asked Uber to answer ten questions about the company treats use of passenger data. Specifically, Franken questioned Uber's use of the "God view" tool, which allows the company to track individual customers in real time. Uber failed to answer several of Senator's questions and provided "a surprising lack of detail." EPIC recently proposed "Privacy Rules for Uber," as part of the "Rideshare Privacy Act of 2015." EPIC wrote that "there should be clear legal limits on the use of 'God view,'" explaining, "any use of that feature to track or stalk passengers should be prohibited by law. And all of these legal rights should be backed with meaningful fines if the company crosses the line." EPIC concluded, "the collection of detailed information on Uber passengers is a real problem that can no longer be ignored." For more information, see EPIC: Drivers Privacy Protection Act and EPIC: Automobile Event Data Recorders (Black Boxes) and Privacy.

Background on Uber

Uber is an American company that allows consumers to arrange transportation and other third-party services by way of a smartphone application. The app connects local drivers and riders by utilizing riders’ phone GPS capabilities. According to recent estimates, Uber has more than 8 million users and 160,000 drivers active on its service worldwide. The company currently operates in approximately 150 U.S. markets and is estimated to be valued at $41 billion.

To request a ride, Uber passengers select which kind of car service they would like to request on the Uber app and then enter in their location and destination address either manually or through the app’s automatic GPS or Wi-Fi location detector. The app alerts users when a car has been confirmed and shows the driver’s name, license plate number, route, and estimated time of arrival. After the ride is completed, a receipt is emailed to customers. Passengers and drivers rate each other, as an incentive to both encourage good customer behavior and provide feedback on drivers.

EPIC's Complaint

On June 22, 2015, EPIC filed a formal complaint with the Federal Trade Commission regarding the impact on consumer privacy of Uber's upcoming privacy policy changes and advertising techniques. As of July 15, 2015, Uber is replacing its current privacy policy to include changes to its collection of consumer location data, access to contact data, and its advertising practices. Uber alleges that “users will be in control: they will be able to choose whether to share the data with Uber.” However, not all users have the ability to control the data collected by the Uber app, and critics have characterized the proposed changes as being overly intrusive, especially due to Uber’s recent privacy protection failures. Uber is significantly expanding the potential uses of user information for advertising purposes, and has made clear that it intends to incorporate the data of Uber users into “potential new use cases.” The proposed changes confuse Uber customers’ understanding of the use of their location data and their exposure to advertising, and constitute an unfair and deceptive trade practice, subject to investigation by the Federal Trade Commission.

The Federal Trade Commission Act (“FTC Act”) prohibits unfair and deceptive acts and practices, and empowers the Commission to enforce the Act’s prohibitions. Under the Act, a business practice is deceptive if it “involves a representation, omission or practice that is likely to mislead the consumer acting reasonably under the circumstances,” and is “material,” or meaningful to the consumer. Unfair acts under Section 5 are those that “cause[] or [are] likely to cause substantial injury to consumers which [are] reasonably avoidable by consumers themselves and not outweighed by countervailing benefits to consumers or to competition.”

Legal Theories

EPIC charges Uber with Deceptive Representation regarding User Control

EPIC charged Uber with deceptive representation in violation of Section 5 of the Federal Trade Commission Act for their misleading portrayal of user privacy control. While Uber’s new easy-to-read policy initially received accolades, such plain language makes it easy to see exactly how much information Uber is acquiring from its users. While Uber purports to commit to user privacy in official statements, it remains unclear whether or not users can in fact choose to withhold data from Uber.

One of the major changes in the new policy allows Uber to conduct real time tracking of passengers while the app is not in use. While the app is running in the foreground or background, Uber is able to collect information of your precise location. Even if location services or GPS is disabled, Uber can still derive a user’s location from their phone’s IP address. Another significant change in the policy permits Uber to access users’ address books. Uber may not only access but store names and contact information from the address book and use it to “facilitate social interactions” and send out promotional communications. Users and experts have characterized the new policy changes as being overly intrusive, especially due to Uber’s recent privacy protection failures.

In response to criticism about the changes to the privacy policy, an Uber spokesperson attempted to clarify that tracking passengers in real time and accessing users’ address books are merely “potential new use cases” of its customers’ data. In other words, how Uber will utilize the large amount of newly collected is data has yet to be determined.

Uber’s representations about user control are misleading. Uber stated that if the company ever launches the controversial features, the app would still work if the user chooses not to opt in. However, the new privacy policy relies on iOS permission systems through which Uber users may opt in to the collection of certain data. When a user installs the Uber app on their phone, the iOS platforms will alert the user that Uber wants to access certain types of information at which point you can consent, or not consent, to that request. Other platforms, such as Android, only notify the user of the request, but use of the app itself constitutes consent. Once Android users use the app, they cannot stop or modify Uber’s access to their information.

EPIC Charges Uber with Deceptive Representation regarding Ability to Opt Out of Targeted Advertising

EPIC further charged Uber with deceptive business practices in violation of Section 5 of the FTC Act because of the company’s policy change regarding targeting advertising. In addition to its overall assurances about data privacy, Uber told customers in 2013 that they would be able to opt out of targeted ads. Customers would reasonably assume that this is still the case. In fact, Uber customers can no longer opt out of targeted ads. As a result, users’ personal information may be disclosed to parties they do not intend or expect to share it with. Uber’s failure to provide a means of opting out of targeted advertising in its new privacy policy therefore constitutes a deceptive act or practice in violation of Section 5.

EPIC Charges Uber with Deceptive Representation Regarding Data Protection

EPIC also charged Uber with engaging in deceptive business practices in violation of Section 5 of the FTC Act in representing that its users’ Data Would be Protected by Robust Security Measures. Uber claims in its new privacy policy that it will “take appropriate measures to protect [users’] personal information.” But Uber has a history of poor data security. Uber’s database was hacked in early 2014, exposing tens of thousands of its drivers’ information, but the company did not discover the breach for months and took an additional five to notify its drivers. Uber has yet to release what its practices for securing its users’ and drivers’ personal information are. Multiple security experts have stated that Uber is the largest ever “cyber-espionage target” of its kind (taxi, car service, or other such private entity) and likely vulnerable to attacks.

In addition, Uber has a history of allowing people within and without the company to have unrestricted access to its customers’ personal information. Toward the end of 2014, individual employees could use “God View,” an “easily accessible” internal company tool, to obtain a specific rider’s real-time and historic location data without notifying or requesting that rider’s permission. Potential employees have also been granted access to Uber’s “God View” in their visits to the company, allowing non-Uber employees to temporarily track friends, co-workers, or politicians’ family members. While Uber has stated that its employees can access and use customers’ information only for “legitimate business purposes,” it has not disclosed what those purposes might be. In the past, one of the official reasons Uber used riders’ personal information for was to map customers’ “Rides of Glory” by tracking one-night stands and subsequent “walks of shame.” Uber’s opaque data security practices prevent customers from determining whether Uber is actually taking “appropriate measures” to protect their data.

EPIC charges Uber with Representation and Unfair Trade Practice regarding its Tracking of Users’ IP Addresses

EPIC charged Uber with an unfair business practice in violation of Section 5 of the FTC Act. EPIC explained that tracking users by their IP address without their knowledge “poses potential safety risks” and “undermines consumers' decision-making autonomy.” It therefore causes substantial injury to consumers that is outweighed neither by countervailing consumer benefit nor competition. In order to avoid the injury, users must either delete the app or cease to use Uber's services. As such, the injury is not reasonably avoidable.

EPIC has also charged Uber with a deceptive practice. As Uber represents that users will be able to choose whether to share location data to Uber. This statement will likely mislead reasonable consumers into believing they can choose not to disclose location data with Uber after downloading the app.

Resources

• Letter from EPIC Exec. Dir. Marc Rotenberg to FTC Comm’r Christine Varney (Dec. 14, 1995)
• Julia Horwitz & Marc Rotenberg, Privacy Rules for Uber, The Huffington Post (Dec. 12, 2014)
• Federal Trade Commission, FTC Charges Deceptive Privacy Practices in Google’s Rollout of Its Buzz Social Network (Mar. 30, 2011)
• Fed. Trade Comm’n, FTC Policy Statement on Deception (1983)
• Fed. Trade Comm’n, FTC Policy Statement on Unfairness (1980)
• Craig Timberg, et al. Uber Executive Stirs Up Privacy Controversy, Wash. Post (Nov. 18, 2014)
• Craig Timberg, Is Uber’s Rider Database a Sitting Duck for Hackers?, Wash. Post (Dec. 1, 2014)
• Sam Frizell, What Uber Still Won’t Say About Your Data, Time (Jan. 30, 2015)
• Eric Newcomer, Uber Broadens Rider Privacy Policy, Asks for New Permissions, Bloomberg, (May 28, 2015)
• Hogan Lovells, Review and Assessment of Uber’s Privacy Policy (Jan. 2015)

News Reports

Articles About EPIC's Complaint

• Group Files FTC Complaint Over Uber Privacy Policy, CBS New York (June 24, 2015)
• Are you worried about Uber's new privacy policy?, Lancaster Online (June 24, 2015)
• Lisa Vaas, Uber wants even more customer data - EPIC asks FTC to slam on the brakes, Naked Security (June 24, 2015)
• Uber may be tracking you 24/7, ABC15 Arizona (June 23, 2015)
• Uber’s Revised Privacy Policy Could Allow Users To Be Tracked 24/7, CBS San Francisco (June 23, 2015)
• Jennifer Abel, EPIC fail for Uber's new privacy policy: FTC asked to block "deceptive data collection", ConsumerAffairs (June 23, 2015)
• Hot on your trail? Complaint filed against Uber for allegedly tracking passengers, accessing personal info, FOX6 (June 23, 2015)
• Rhiannon Nee, Uber To Track Your Data, Even When The App Is Closed, GeekSnack (June 23, 2015)
• Lily Altavena, Uber might soon track you even after your ride is over, Kicker (June 23, 2015)
• Jody Godoy, Uber's Tracking, Privacy Policies Deceptive, Group Tells FTC, Law360 (June 23, 2015)
• Meredith Clark, Could Uber Be Tracking You Right Now?, Refinery29 (June 23, 2015)
• Jay Barmann, Now Uber Wants To Track Your Location Even When App Is Not Running, SFist (June 23, 2015)
• John Kennedy, Location data complaint filed against Uber, Silicon Republic (June 23, 2015)
• Collen Kriel, Uber to become Big Brother unless FTC halts new privacy policy, SiliconANGLE (June 23, 2015)
• Uber faces FTC complaint following changes to app privacy policy, Techworld (June 23, 2015)
• Larry Banks, Uber faces legal challenge over plan to track users when not using the app, Thai Tech (June 23, 2015)
• Robin Levinson King, Privacy advocates file complaint over new Uber policy, Toronto Star (June 23, 2015)
• Jeff John Roberts, Uber privacy charges are overblown—except for one thing, Fortune (Jun. 23, 2015)
• Iain Thomson, Uber app will soon maybe track you 24/7, cry privacy warriors, The Register (Jun. 23, 2015)
• Uber may track you 24/7, CNN Money (Jun. 23, 2015)
• Uber's New Tracking Policy Raises Privacy Concerns, ABC7 News (June 22, 2015)
• Roger Fingas, Privacy group asks FTC to limit location, contact sharing in Uber's mobile apps, AppleInsider (June 22, 2015)
• Cyrus Farivar, FTC asked to block Uber from getting location data in background, Ars Technica (June 22, 2015)
• Hamza Shaban, Uber Under Fire For Plan To Track Users, BuzzFeed (June 22, 2015)
• Mary Beth Quirk, Privacy Group’s FTC Complaint: Uber Shouldn’t Track Users When They’re Not Using The App, Consumerist (June 22, 2015)
• Nicole Bogart, Uber faces controversy over plan to track user’s locations even when app isn’t running, Global News (June 22, 2015)
• Pratap Chatterjee, Ride-Sharing Service Uber Plans to Track Users Should Not Be Allowed, Says Privacy Group, Global Research (June 22, 2015)
• Anthony Cuthbertson, Uber faces lawsuit over 'greedy and creepy' plans to track users not running app, International Business Times (June 22, 2015)
• Wendy Davis, FTC Should Prevent Uber From Collecting 'Unnecessary' Information, Watchdog Says, MediaPost (June 22, 2015)
• Uber’s Promises of Privacy Ring Hollow, Says Group, MONEY (June 22, 2015)
• Brendan Sasso, Feds Urged to Investigate Uber’s Plan to Track Users, National Journal (June 22, 2015)
• Mekahlo Medina, 24/7 Tracking in Uber App Update Threatens Users' Privacy: Federal Compliant, NBC Los Angeles (June 22, 2015)
• Matt Moreno, Privacy Group Files FTC Complaint Over Uber's New Policies, Newsy (June 22, 2015)
• Grant Gross, Privacy group complains about Uber data collection, PCWorld (June 22, 2015)
• Abubaker Zahoor, Privacy Group To Challenge Uber’s New Privacy Policy At The FTC , TechFrog (June 22, 2015)
• David McCabe, Uber hit with privacy complaint, The Hill (June 22, 2015)
• Mark Wilson, ,Lawsuit fights Uber's user location tracking plans, Beta News (Jun. 22, 2015)
• Natasha Singer and Mike Isaac, Uber Data Collection Changes Should Be Barred, Privacy Group Urges, New York Times (Jun. 22, 2015)
• Smith Dalton, Following an update to it’s privacy policy, Uber will now be able to track your location even if the app is closed, Tech News Today (Jun. 22, 2015)
• Daina Beth Solomon, Uber could track passengers after they leave car, privacy group claims, Los Angeles Times (Jun. 22, 2015)
• Nathan Mcalone, Uber will soon be able to track your location even if you exit the app and have GPS turned off, Business Insider (Jun. 22, 2015)
• Rachel Adams-Heard, Uber’s Customer Tracking Draws FTC Complaint From Privacy Group, Bloomberg Business (Jun. 22, 2015)
• Elizabeth Weise, Privacy group asks FTC to investigate Uber, USA Today (Jun. 22, 2015)
• Rupert Neate, Uber faces FTC complaint over plan to track customers’ locations and contacts, The Guardian (Jun. 22, 2015)
• Mic Wright, Uber faces legal challenge over plan to track you even when its app isn’t running, TNW News (Jun. 22, 2015)

Articles About Uber and Privacy

• Katherine Tassi, An Update On Privacy at Uber (May 28, 2015)
• Uber, Protecting Privacy: Our Commitment,(Jan. 30, 2015)
• Uber Privacy Policy, Uber.com (effective July 13, 2013)
• Privacy Statements, Uber.com (effective July 15, 2015)
• Company Overview of Uber Technologies, Inc., Bloomberg Business (June 12, 2015)
• John Patrick Pullen, Everything You Need to Know About Uber, Time (Nov. 4, 2014)
• Mary Beth Quirk, How Do Uber and Lyft Work and Why Should I Even Care?, Consumerist (Sept. 18, 2014)
• Mike Isaac, Uber Pledges to Improve Data Privacy Practices, NY Times (Jan. 30, 2015)
• Johana Bhuiyan & Charlie Warzel, “God View”: Uber Investigates Its Top New York Executive For Privacy Violations, Buzzfeed (Nov. 18, 2014)
• Peter Sims, Can We Trust Uber?, Medium (Sept. 26, 2014)
• Tracey Lien, Uber Security Breach May Have Affected Up to 50,000 Drivers, LA Times (Feb. 27, 2015)
• Tom Kise, Congress Votes Uber, Hamilton Place Strategies (Nov. 2014)
• Kai Ryssdal, Uber's Data Makes a Creepy Point about the Company, Marketplace (Nov. 18, 2014)
• Joseph Koebler, Uber's Text Message Spam Is Driving People Crazy, Motherboard (June 12, 2015)
• Tracey Kaplan, Lawsuit Claims Uber Pesters Consumers via Spam Texts to Work as Drivers, San Jose Mercury News (June 12, 2015)
• Natasha Singer, Sharing Data, But Not Happily, NY Times (June 4, 2015)
• John Ribeiro, Uber Revises Privacy Policy, Wants More Data From Users, NetworkWorld.com (May 28, 2015)
• Mariella Moon, Uber Will Let Drivers Track Your Location, But Only If You Agree (Update), Engadget.com (May 31, 2015)
• Sunainaa Chadha, If You Have An Android Phone, Uber’s New Privacy Policy Will Spook You, FirstPost.com (May 29, 2015)