Technology

Uber settles deceptive claim case with FTC

by Harper Neidig 08/15/17 10:43 AM CDT

Uber has settled with the Federal Trade Commission over allegations that it had made deceptive claims about its privacy and data security practices, the agency announced on Tuesday.

According to the FTC, Uber falsely assured its customers that their data was protected from snooping employees.

“Uber failed consumers in two key ways: First by misrepresenting the extent to which it monitored its employees’ access to personal information about users and drivers, and second by misrepresenting that it took reasonable steps to secure that data,” FTC Acting Chairman Maureen K. Ohlhausen said in a statement.

{mosads}“This case shows that, even if you’re a fast growing company, you can’t leave consumers behind: you must honor your privacy and security promises.”

An Uber spokesman did not immediately respond when asked for comment.

As part of the agreement, Uber must establish a comprehensive privacy program that ensures that consumers’ personal information is protected. The company must also submit to third-party audits of its privacy practices every two years for the next 20 years.

In 2014, multiple media reports said that Uber employees had abused their access to consumer data.

Buzzfeed reported that Emil Michael, then an Uber executive, had suggested that the company should use its access to troves of consumer data to dig up dirt on journalists who had been critical of the company.

In response, Uber issued a statement detailing its data privacy policy.

“Uber has a strict policy prohibiting all employees at every level from accessing a rider or driver’s data,” the November 2014 statement reads. “The only exception to this policy is for a limited set of legitimate business purposes.”

Michael left the company in June amid an exodus of Uber executives pushed out following a series of scandals.

The FTC said that in December 2014, Uber instituted a program to monitor how its employees access riders’ data but abandoned the tracker after only a year.

The agency’s complaint also alleged that Uber failed to implement adequate safeguards to prevent hackers from accessing stored personal information, and as a result, a database containing the names and license numbers of 100,000 drivers was breached in a cyberattack.

In a call with reporters on Tuesday, Ohlhausen said that the FTC did not impose a fine because of the agency’s authority is limited in certain cases, but added that Uber would be subject to fines if it violated the settlement.