WASHINGTON (Reuters) – U.S. regulators said on Tuesday that Uber Technologies Inc agreed to do more to protect the privacy of customer and driver data in settling allegations that the ride-hailing company had made deceptive privacy and data security claims.
In its complaint, the FTC alleged Uber UBER.UL did not, as it claimed, monitor employee access to customer and driver data. Uber had developed a system to monitor employee access in December 2014, but the company stopped using the system less than a year after it was put in place and rarely monitored employee access thereafter, the FTC alleged.
Under an agreement between Uber and the FTC, Uber cannot misrepresent its access to consumers’ personal information or how it secures that data, and must implement a privacy program and submit to audits of that program, the agency said.
“This case shows that, even if you’re a fast-growing company, you can’t leave consumers behind: you must honor your privacy and security promises,” said FTC Acting Chairman Maureen Ohlhausen.
Uber was not immediately available to comment.
The Commission voted 2-0 to issue the administrative complaint and to accept the consent agreement.
Reporting by Makini Brice and Chris Sanders; Editing by Dan Grebler