A spokeswoman for Uber tells NPR that users will now have the option to share their location with the company only while using the app. That setting had been available before November’s change.
“Uber’s latest update allows the ride-hailing app to track user location data even when the application is running in the background,” NPR’s Laura Roman reported at the time. “Previously, Uber only collected data from the user if the rider had the application open. Now, if a rider calls for an Uber and closes the app, Uber says it will continue to collect location data up until five minutes after the ride ends. That means Uber can see where you end up after you leave the car.”
“We’ve been building through the turmoil and challenges because we already had our mandate,” Sullivan told the news service.
After Uber changed the privacy options in November, users were forced into all-or-nothing location permissions: If a user did not permit the app to “always” track their locations, they were forced to select “never” – which meant having to type out one’s current location every time one hailed a ride. (A minor bummer, but still inconvenient, given the handy geolocation sensors baked into smartphones.)
Allowing Uber to always track one’s location didn’t seem great either, given that this was the same company that announced in 2012 it had scoured user data and calculated the prevalence of one-night stands.
Why exactly did Uber need to know where riders went after they got out of the car? Uber said it used the data to “to improve pickups, drop-offs, customer service, and to enhance safety.”
Privacy concerns about Uber have been a constant, and the Electronic Privacy Information Center filed a complaint against the company in June 2015.
It turns out that Uber was tracking users in other ways as well, using a technique known as fingerprinting. The New York Times reported in April that the company was “secretly identifying and tagging iPhones even after its app had been deleted and the devices erased,” in violation of Apple’s privacy guidelines.
Two weeks ago, Uber entered into a consent agreement with the Federal Trade Commission, to settle FTC charges that the company “deceived consumers by failing to monitor employee access to consumer personal information and by failing to reasonably secure sensitive consumer data stored in the cloud.”
Under the agreement, Uber is required to implement a comprehensive privacy program that addresses privacy risks related to its products and services. It’s also barred from misrepresenting how it monitors internal access to customers’ personal information, or how it protects and secures that data. And its privacy program must be audited by a third party — every two years for the next 20 years.
Post-trip location collection is already disabled for iPhones and Android, Uber says, and the new privacy settings will appear on iPhones over the next few weeks.
“We’re working through the mechanics for Android now,” Melanie Ensign of Uber’s Security and Privacy Communications wrote in an email to NPR, “but we’re committed to parity for transparency, privacy & choice across both platforms.”