One week after revealing it could monitor passengers’ locations before and after a ride takes place, Uber is facing new accusations that it doesn’t respect customers’ privacy. The allegations come from a lawsuit filed by a former worker, and includes claims that employees tracked “high profile politicians, celebrities, and even personal acquaintances.”
As noted by the Center for Investigative Reporting, Ex-Uber engineer Ward Spangenberg’s wrongful termination lawsuit alleges that the company doesn’t “have regard for data protection.” He said “thousands” of Uber employees had access to rider data, using it to track famous personalities such as Beyonce and former partners.
In addition to wrongful termination, 45-year-old Spangenberg is suing Uber for age discrimination and defamation. Officially, he was fired for reformatting his work computer and accessing emails related to his performance review. He says reformatting PCs is a common practice among workers, and that he was testing a program that searches emails. The real reason he was pushed out the door, Spangenberg claims, is because of his relatively older age and whistleblowing antics.
Back in 2014, Uber came under fire for its “God view” tool, which allowed corporate employees to track riders in real-time. The company's New York general manager used it to track a BuzzFeed reporter without her knowledge.
Spangenberg’s suit also alleges that Uber would shut down its offices and encrypt all its computers whenever a government raid took place so officials couldn’t access the firm’s information.
Uber has, of course, denied all of this, calling Spangenberg’s claims “absolutely untrue.” In a statement, (below) the ride-hailing company says its data is protected by hundreds of security and privacy experts, and that access to customer data is limited to employees who require it to do their jobs.
Uber continues to increase our security investments and many of these efforts, like our multi-factor authentication checks and bug bounty program, have been widely reported. We have hundreds of security and privacy experts working around the clock to protect our data. This includes enforcing strict policies and technical controls to limit access to user data to authorized employees solely for purposes of their job responsibilities, and all potential violations are quickly and thoroughly investigated.
It's absolutely untrue that "all" or "nearly all" employees have access to customer data, with or without approval. And this is based on more than simply the "honor system": we have built entire system to implement technical and administrative controls to limit access to customer data to employees who require it to perform their jobs. This could include multiple steps of approval—by managers and the legal team—to ensure there is a legitimate business case for providing access.
What's more, if an employee has access to some customer data, she does not have access to all customer data. Access is granted to specific types of data based on an employee's role. All data access is logged and routinely audited, and all potential violations are quickly and thoroughly investigated.
Many employees are in operational roles and have legitimate reasons to access customer data. For example, our anti-fraud experts have access to trip data so they can investigate allegations of scams and compromised accounts. Some employees have access to driver profiles in order to check the validity of insurance documents required by law. If a rider requests a refund, an authorized customer support representative would access to data needed to credit that rider's account. In the case of a traffic incident, a dedicated member of our safety team needs to access customer data to conduct a proper investigation and help the affected parties reach resolution.