The US Federal Trade Commission (FTC) has settled an investigation into Uber, with the ride-hailing app agreeing to submit to privacy audits for the next 20 years.
The FTC concluded Uber had failed consumers after a breach of its database which led to more than 100,000 driver license numbers being stolen and by failing to monitir employee access to consumer data.
“Uber failed consumers in two key ways: First by misrepresenting the extent to which it monitored its employees’ access to personal information about users and drivers, and second by misrepresenting that it took reasonable steps to secure that data,” said acting chairman of the FTC Maureen Ohlhausen.
“This case shows that, even if you’re a fast growing company, you can’t leave consumers behind: you must honour your privacy and security promises.”
The regulator outlined four agreements Uber has made. It is:
- prohibited from misrepresenting how it monitors internal access to consumers’ personal information;
- prohibited from misrepresenting how it protects and secures that data;
- required to implement a comprehensive privacy program that addresses privacy risks related to new and existing products and services and protects the privacy and confidentiality of personal information collected by the company; and
- required to obtain within 180 days, and every two years after that for the next 20 years, independent, third-party audits certifying that it has a privacy program in place that meets or exceeds the requirements of the FTC order.