During the last six months of 2015, Uber received 33 requests from regulatory authorities seeking trip data on more than 12 million Uber drivers and riders. The company announced these requests from regulatory officials in its first transparency report, which was released Tuesday.
Uber was fined $7.6 million in January for failing to provide data on its drivers to the California Public Utilities Commission.
In a Medium post announcing the transparency report, Uber referred to its tangle with regulatory authorities such as California's utility commission. “These agencies have the power to force companies to give them information, such as trip data,” the company wrote on Medium.
A major challenge facing the ride-sharing company is that while regulators require data to manage traffic patterns, facilitate municipal planning and other uses, the requests on companies like Uber are more invasive than requests made of companies that do not utilize a technological infrastructure – partially because the regulators know Uber data exists and is traceable, while that is seldom true for taxi or limousine companies.
“While the line between the digital and real world has blurred, the way regulators approach data remains unchanged,” Uber wrote in the Medium post, “And while this kind of trip data doesn't include personal information, it can reveal patterns of behavior — and is more than regulators need to do their jobs. It's why Uber frequently tries to narrow the scope of these demands, though our efforts are typically rebuffed.”
The company is caught in an adversarial relationship with many municipalities, as it has sometimes been viewed as a disruptive threat to established interest groups such as taxi and limousines services that support local officials.
In the report, Uber wrote that it attempted to negotiate a narrower scope of data requested by regulatory officials. The companies complied with regulator's requests for information, after successfully negotiating a narrower scope of data required in 42.4% of the requests. The company complied with regulatory requests but was unsuccessful in attempts to negotiate a narrower scope in 36.7% of requests.
The timing of Uber's disclosure may have an “interesting impact” on the dialog with European regulators, who have already voiced concerns regarding privacy related to the Privacy Shield agreement, said Mary Hildebrand, chair of Lowenstein Sandler's privacy and information security practice, in speaking with SCMagazine.com. On Wednesday, a group of European data privacy regulators known as the Article 29 Working Party ruled that Privacy Shield does not adequately address the bulk collection of data on private citizens.
“Uber's transparency report doesn't add much fuel to the fire in terms of general criticism from the EU regarding Privacy Shield,” said Mike Godwin, director of innovation policy and general counsel for the R Street Institute, speaking with SCMagazine.com. If is determined that other government agencies were given access to this user data, that may change the equation, added Godwin. “But that is not what we're seeing now.”