Uber Releases New Privacy Statement

May 30, 2015 mitch tanenbaum Leave a comment

Uber has released a new privacy statement which goes into effect July 15th. If you use Uber after that date, you are consenting to their new policy. While not outrageous, it is interesting. And it does point out one difference between Uber and a taxi. The taxi is much more anonymous. At worst, the taxi knows where you were picked up and dropped off and your credit card information *IF* you choose to pay that way.

Here are some of the highlights of the Uber privacy policy. There are different policies for customers and drivers, U.S. and outside the U.S. I am focusing on the U.S. customer policy, which can be found here.

Using the driver’s app, not yours, they collect location information during the trip. If your app is running in the foreground OR BACKGROUND, they also collect location information from your phone as well as location information from your IP address. It says that they collect location information from your app if you allow it. For iPhone users, you have the ability to specifically disallow that permission; Android users won’t have that until Android M, the next version of the Android OS previewed this week.
If you allow it, they will access your address book “to facilitate social interactions”. Again, the same iPhone/Android permissions statement holds as above, but assuming you do not take away the permission the app asks for, they have the right to rummage through your address book, it would appear, to spam your friends and business associates. And, since no one ever stores anything sensitive in their address book – like maybe passwords – it is not clear if they will have access to that data as well.
Transaction information – date, time, type of service, promo codes, etc. This seems normal.
Device information – model, operating system, version, software and file names and versions, unique identifier, advertising identifier, serial number, motion information and network information. That’s pretty creepy. This allows them to both understand their user community and track you as they aggregate data from other sources.
Call and SMS data – this appears to only be for interactions between you and them, not call and SMS data in general.
If you log in with your social media account (Facebook), they will aggregate your social media information into your profile. While this is easier for you to do (one less password), I do not recommend doing this for privacy reasons.

The policy also says what they will use the data for.

A couple of thoughts about their privacy policy –

The policy is actually pretty easy to read, aside from a few typos that their proofing didn’t catch. I give them brownie points for that.

They definitely collect way more data than is required for them to provide the service to you. They want to be able to profile you and spam your friends. If you do not disallow the permissions they ask for, they have access to way more data than I would care to give them.

If you use your social media account to log in, they have even more information about you; I would suggest not doing that.

So, if you are concerned about your privacy, a taxi may be a better way to go.