Uber Technologies' new data collection policy, allowing the ride-hailing company to access a user's location even when the smartphone app is not actively in use, violates the privacy rights and personal safety of U.S. customers, according to a complaint filed Monday by a privacy group.
EPIC also objected to Uber's plans to access the information from users' phones' address books and send out promotional materials to contacts listed there.
Currently, Uber's app may access the contact information of other people on users' phones when users perform some functions in the app, such as splitting the fare or sharing their estimated arrival time with others.
It's not clear yet how Uber will ask for additional customer permissions in its app when the company begins to ask for additional data from them.
The changes "ignore past bad practices of the company involving the misuse of location data, pose a direct risk of consumer harm, and constitute an unfair and deceptive trade practice," EPIC said in its request for an FTC investigation.
The change would also improve the way Uber's app works, partly by providing a faster approximate arrival time for nearby drivers, the company said.
But EPIC, citing past misuses of customer data by Uber, questioned the new policy. "Virtually everyone who has reviewed the proposed changes in business practices has understood that the company plans even more expansive and more invasive uses of personal data even after it has engaged in egregious practices with the personal data in its possession," EPIC wrote in its complaint.
EPIC has "no basis" for a complaint with the FTC, Uber said in a statement. "We care deeply about the privacy of our riders and driver-partners and have significantly streamlined our privacy statements in order to improve readability and transparency," the statement said. "These updated statements don't reflect a shift in our practices, they more clearly lay out the data we collect today and how it is used to provide or improve our services."
Uber's new policy goes beyond what it needs to provide services, EPIC said in its complaint.
"This collection of user's information far exceeds what customers expect from the transportation service," EPIC wrote. "Users would not expect the company to collect location information when customers are not actively using the app."
Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is firstname.lastname@example.org.
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.