Silicon Valley-based ride-sharing company Uber is looking eastward to inject some wisdom into how it handles user data.
Reeling from public outcry over alleged data abuses, Uber is working with a law firm in Washington, D.C., to conduct an in-depth review and assessment of its policies, it said Thursday.
It’s unclear what specifically Uber is looking to change, but addressing the circumstances around which Uber can access and view customers’ rider logs and trip histories seems to be a focus.
“The trip history of our riders is important information and we understand that we must treat it carefully and with respect, protecting it from unauthorized access,” the company said in its announcement.
“Ensuring that we have strong policies and practices in this fast-paced world of technology must be a constant quest,” Uber said.
An Uber spokeswoman declined to comment further on what areas of Uber’s data use policies the law firm would be looking at.
Uber appears to have chosen able experts. The law firm Hogan Lovells is at the forefront of data privacy issues, recently launching a new practice focused on drones. Leading the assessment of Uber’s policy is attorney Harriet Pearson, former chief privacy officer at IBM, who has advised companies on privacy issues and regulatory compliance matters.
A wave of criticism has been leveled at Uber this week, following remarks made by a senior executive suggesting Uber was planning to hire researchers to dig up dirt on journalists giving the company bad press, as reported on BuzzFeed.
Then came a report that Uber had a cavalier attitude toward some customers’ data, employing a tool called “god view” that lets employees access and view rider logs without riders’ permission. The tool had been used to view the travel logs of at least one journalist who had been covering the company, according to BuzzFeed.
Senator Al Franken, a Minnesota Democrat, sent a stern letter to Uber CEO Travis Kalanick Wednesday, demanding answers about the company’s “troubling disregard for customers’ privacy.”
Uber has stressed that it prohibits employees from accessing rider or driver data, except for a limited set of “legitimate business purposes.”
But even if individual rider data is not accessed except in narrow circumstances, Uber’s aggregated data could still give rise to privacy concerns, or rub people the wrong way. Two years ago, Uber organized rider data to track one-night stands in various cities.
Attorneys at Hogan Lovells did not respond to a request for comment about what areas of Uber’s policies they would be focusing on.
Further reading: Why you should delete Uber, and what to use instead
Uber’s full data use policy is exhaustive and at times difficult to grasp, carrying statements like, “we may use your personal information or usage information we collect about you ... for internal business purposes.”
Lawyers are likely to first home in on how Uber handles individual people’s data in an attempt to curb abuse, said Andrew Crocker, a legal fellow at the Electronic Frontier Foundation.
“You can infer that Uber is taking this seriously and they recognize people are upset,” he said in an interview.
Whether Uber can repair the damage around its public image is another question. Some users have since said they’ve deleted the Uber app from their phones, but the convenience of Uber’s service might outweigh privacy concerns for other people.
Privacy concerns routinely surface among users of services like Facebook and Google. But Uber is in a different situation, with executives allegedly taking an interest in people’s private lives and geolocation, for reasons that are questionable at best and unethical at worst.
It’s these sorts of issues that lawyers are likely to focus on within the confines of Uber’s practices, EFF’s Crocker said.
Broader issues around Uber’s data collection and the use of data are important, “but more front of mind now are these individual incidents and anecdotes,” he said, adding, “they’re definitely in damage control mode now.”