Latest in Gear

Image credit:

Uber agrees to 20 years of user privacy audits in FTC settlement

It's accused of doing too little to stop abuse of customer data.
Jon Fingas, @jonfingas
August 15, 2017
Share
Tweet
Share

Sponsored Links

Spencer Platt/Getty Images

Uber has come under fire more than once for failing to protect privacy, and now it's facing the consequences. The ridesharing outfit has settled with the US' Federal Trade Commission over allegations that it not only didn't adequately safeguard data, but misrepresented how secure that info really was. Uber didn't monitor staff access to personal info as closely as it said it did, the FTC says, and it also gave a false impression of how secure that info was when stored on third-party servers. Instead, employees needed just a single key to get full access to data, and it stored some information (including customer locations) online in plain text. It even ditched an automated staff monitoring tool after less than a year.

There's no mention of a fine in the settlement, but that doesn't mean Uber is off the hook. In addition to being barred from misrepresenting privacy and security, it'll have to implement a "comprehensive privacy program" and undergo third-party privacy audits every 2 years for the next 20 years. That's par for the course as far as FTC settlements go, but it's a long time in Uber terms -- the company may have fulfilled its driverless car ambitions by the time the audits are over.

In a statement, Uber tells us that it welcomes the end of the investigation and sees this as an "opportunity" to prove that it has turned a corner. You can read the full statement below.

The settlement comes right as Uber is in the midst of trying to fix a toxic corporate culture that many blame for Uber's lax approach to privacy. Uber recently ousted CEO Travis Kalanick, who was frequently blamed for the company's tendency to test (and sometimes break) legal boundaries. Other executives accused of dodgy behavior have also left the company. The FTC-mandated reforms could still be helpful, but Uber may be better prepared to implement them than it was just months earlier.

"We are pleased to bring the FTC's investigation to a close. The complaint involved practices that date as far back as 2014. We've significantly strengthened our privacy and data security practices since then and will continue to invest heavily in these programs. In 2015, we hired our first Chief Security Officer and now employ hundreds of trained professionals dedicated to protecting user information. This settlement provides an opportunity to work with the FTC to further verify that our programs protect user privacy and personal information."

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

The 2020 Engadget Holiday Gift Guide

The 2020 Engadget Holiday Gift Guide

View
Scientists might know why astronauts develop health problems in space

Scientists might know why astronauts develop health problems in space

View
Vizio's rotating Dolby Atmos soundbar is $400 off ahead of Cyber Monday

Vizio's rotating Dolby Atmos soundbar is $400 off ahead of Cyber Monday

View
Google shows off 'Cyberpunk 2077' running on Stadia at 4K

Google shows off 'Cyberpunk 2077' running on Stadia at 4K

View
Darth Vader actor and legend David Prowse dies at 85

Darth Vader actor and legend David Prowse dies at 85

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr