Uber settles deceptive claim case with FTC
Uber has settled with the Federal Trade Commission over allegations that it had made deceptive claims about its privacy and data security practices, the agency announced on Tuesday.
As part of the agreement, Uber must establish a comprehensive privacy program that ensures that consumers’ personal information is protected. The company must also submit to third-party audits of its privacy practices every two years for the next 20 years.
In 2014, multiple media reports said that Uber employees had abused their access to consumer data.
In response, Uber issued a statement detailing its data privacy policy.
“Uber has a strict policy prohibiting all employees at every level from accessing a rider or driver’s data,” the November 2014 statement reads. “The only exception to this policy is for a limited set of legitimate business purposes.”
The FTC said that in December 2014, Uber instituted a program to monitor how its employees access riders’ data but abandoned the tracker after only a year.
The agency’s complaint also alleged that Uber failed to implement adequate safeguards to prevent hackers from accessing stored personal information, and as a result, a database containing the names and license numbers of 100,000 drivers was breached in a cyberattack.
In a call with reporters on Tuesday, Ohlhausen said that the FTC did not impose a fine because of the agency’s authority is limited in certain cases, but added that Uber would be subject to fines if it violated the settlement.
Copyright 2023 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.