Barcelona Cabs struck against Uber Taxi App in 2014.
Photograph by David Ramos—Getty Images
By Laura Lorenzetti
November 18, 2014

When you signed up for Uber, just like for most mobile apps, you clicked “yes” to its Terms of Service. Among the long paragraphs of legalese you probably read was the company’s privacy policy.

As a maelstrom rages over an Uber executive’s statements regarding recent media coverage, many may be wondering how far the company can go with all the information at its digital fingertips.

The quick answer: it’s complicated.

Essentially, Uber collects basic user data (your name, e-mail and credit card information) as well geo-location data. The company uses that for a range of “internal business purposes,” which could be interpreted broadly.

Now for the long answer.

Privacy policies are not legally required on a federal level unless you’re in a regulated industry such as healthcare, or financial services, although some states — California, for example — have laws on the books that demand them.

Apps like Uber fall under the jurisdiction of the Federal Trade Commission, which can sue companies over deceptive policies if they feel an organization lacks a needed, or sufficient, privacy policy, said Lisa Sotto, a privacy and cybersecurity lawyer at Hunton & Williams.

Uber’s nearly 6,000-word privacy policy is as long as most go, and not the easiest to understand, said Sotto. “They’ve done significant due diligence to put this together,” she said.

For comparison, Lyft’s privacy policy is about 2,000 words, Facebook’s (FB) policy is about 5,300 words and Apple’s (AAPL) is just over 3,000 words.

A typical privacy policy provides information on the data that’s collected, to whom it’s disclosed and the security in place to protect that information. Uber’s policy touches on each of those topics in depth, although the language leaves room for interpretation.

“The policy statement has been carefully crafted,” said Sotto. “So if it’s vague, it’s vague for a reason.”

So, what information does Uber collect, and what does the company say it can do with that information?

This is a top-line summary of Uber’s policy. The full 6,000-plus word rundown is available on the company’s website.

You May Like

EDIT POST