Uber has reached a settlement with the New York state attorney general requiring it to encrypt riders’ geolocation information and implement other rider privacy protections.
Unlike other such privacy orders from regulators, this one outlines measures to protect consumer data not just from hackers, but from Uber’s own executives.
In November 2014 the NY attorney general launched an investigation into Uber’s “collection, maintenance, and disclosure” of riders’ personal information after reports came in that Uber executives could track specific riders’ locations via a Big Brother-style program dubbed “God View.”
Uber also failed to report that “an unauthorized third party” had accessed the driver names and driver license numbers of as many as 50,000 Uber drivers as early as September 2014. Uber told the attorney general about it in late February 2015, a full six months after the incident.
Uber will pay a fine of $20,000 to close the investigation. In addition to encrypting rider geolocation information, it will ask employees for multifactor authentication before accessing rider information.
“This settlement protects the personal information of Uber riders from potential abuse by company executives and staff, including the real-time locations of riders in an Uber vehicle,” said Attorney General Schneiderman.
Uber’s “God View” program was revealed in a ValleyWag article describing a party in Chicago where Uber executives used the technology to target specific people, including journalists who had been critical of the ride-hailing service.