The fact that the information came from a nameless spokesperson for a company known for previous abuses of privacy makes some people dubious.
Issues of anonymity and privacy have dogged Uber for the better part of a year, so though the policy isn't an outlier, it had added to the suspicions people have about Uber.
“Their app is not that much different than Facebook any of the others in terms of what data it collects,” said privacy expert Robert Neivert, chief operating officer of Silicon Valley-based Private.Me. “Their data collection may be a little bit more aggressive, but that’s not what bothers me. The problem is that Uber has shown poor judgment in the use of that information.”
Uber and its smaller rival Lyft moved into the Pittsburgh area last year, each without securing regulatory approval in advance and without licenses to do business in the Commonwealth. The companies pair drivers in their own vehicles with passengers via smartphone app, for cashless transactions.
After a months-long tussle with the Pennsylvania Public Utility Commission, which included a cease-and-desist order for each company, and fines for individual drivers, both Uber and Lyft now have two-year experimental licenses to operate in most of Pennsylvania, with the exception of Philadelphia.
One of the segments of the revised policy that has raised many eyebrows is how Uber tracks passengers even when the user disables the GPS features. “...disabling our app’s collection of precise location from your device will not limit our ability to collect your trip location information from a Driver's device nor our ability to derive approximate location from your IP address,” the policy states.
The Uber spokesperson pointed out that since it is a location-based service, location data was key in allowing the app to function as designed.
“Look, the Internet is based on the idea that I pay for things with my privacy,” Mr. Neivert said. “Many other people have and use my data, which they use mostly for ads. Facebook knows everything about me, probably, and so does Google. It’s when companies go further that it gets upsetting.”
The ubiquitous “Uber spokesperson” often leaps to the defense of the San Francisco-based company, which has a current valuation of around $50 billion. While the company does not always rely on unnamed representatives to handle press briefings, its spokespersons have been very busy over the past year.
In November, Buzz Feed News reported that Uber senior executive Emil Michael suggested at a dinner party that the company ought to hire “opposition researchers” to smear journalists critical of Uber. Mr. Michael later apologized for his remarks, and Uber said it had no such opposition researchers on its staff.
Reports surfaced around the same time of Uber employees abusing the company’s “God view” console, which tracks cars on the platform in real time, to stalk a reporter and other unsuspecting passengers. And drivers reported around the same time that Uber was “ghost-texting” drivers’ contacts, in an effort to recruit new drivers.
By contrast, there have been few specific reports of similar problems at Uber’s much smaller rival Lyft. Known for its pink mustaches and slightly goofy company culture, Lyft revised its privacy policy in December, not long after the BuzzFeed story about Uber broke. Company spokeswoman Paige Thelen explained that Lyft had restricted access to the internal operations dashboard to employees who need it to do their jobs.
“On top of that blanket restriction, we’ve introduced a tiered access system within the dashboard itself, so that we can restrict access on an even more granular level,” Ms. Thelen wrote in an email. “We are constantly keeping an eye on our policies to make sure they're up to date with our practices.
The incidents prompted Uber to commission a review of its privacy policy from law firm Hogan Lovells. The review, released in January, was conducted over a six-week period and found that Uber had “appropriate policies and procedures” in place in key areas including transparency, data security internal access controls and other segments of the company.
“In fact, Uber has dedicated significantly more resources to privacy than we have observed of other companies of its age, sector, and size,” the report stated. The scope of the review only covered the policy as written, not how the policy is carried out by employees.
The report’s authors issued a number of recommendations for Uber to further improve its privacy policy, including how it handles information from accounts that have been deleted. The policy currently states that “in some cases, we may retain certain information about you as required by law, or for legitimate business purposes to the extent permitted by law.”
What those “legitimate business purposes” are is also not totally clear.
The review also recommended the streamlining of Uber’s privacy policy, to make it easier for customers to understand. Mr. Neivert said he gives Uber credit there, that the revised version of the policy is much clearer. “But it’s the smallest of small steps,” he added.
And as concerned as he is about how Uber conducts business, and as much as he prefers Lyft for its “better judgment,” Mr. Neivert admits he has fallen back on Uber in a few instances where he could not get a Lyft and needed a ride.
“Every now and then, when I’m stuck, I need Uber,” Mr. Neivert said. “I’ll load the app, take a ride and then delete it.”
He said Uber is likely banking on that fact: that since its app is easy to use and provides convenience, people will look the other way about the company’s image problems. “How many people love their cable provider?” he mused. “But everyone has cable.”
Frequent Uber passenger Justin Mastrangelo of Coraopolis works on the South Side, and said he read Uber’s privacy policy and found it not that different from other apps he uses. And he’s an unabashed fan of the company’s service.
“Uber is like a glass of water in the desert of Pittsburgh’s transportation,” Mr. Mastrangelo said. “What they’re asking to use is common in apps. I downloaded the Post-Gazette’s app the other day and it also asks for location data when you’re not using the app. You can always say ’no’ to those permissions if you’re not comfortable with them.”
Of greater concern to Mr. Mastrangelo is that as Uber grows larger, it could edge out other ride sharing companies and become a monopoly. He thinks the scrutiny on the company and its privacy policy will help keep Uber in check.
“Uber’s under the spotlight,” he said. “I’m more worried about my data in the hands of these little app companies that no one is paying attention to.”
But Mr. Mastrangelo was hard-pressed to come up with a scenario that would compel him to stop using Uber altogether.
“Uber is phenomenal, especially here in Pittsburgh,” he said. “I don’t know what they’d have to do with my data to make me stop using them. They could have a drone follow me around all day and I’d still use Uber.”
©2015 the Pittsburgh Post-Gazette, Distributed by Tribune Content Agency, LLC.
