Following Pressure From U.S. Senate, Uber Hires Data Privacy Expert And Legal Aid To Review Company’s Policies

In light of growing concerns around Uber’s ethics and the way it manages customers’ personal data, the company announced this morning that it has brought on data privacy expert Harriet Pearson and her team at Hogan Lovells to help it conduct an in-depth review of the company’s existing policies, and make recommendations. The move comes a day after Senator Al Franken, Chairman of the Subcommittee On Privacy, Technology, and the Law, posted a public letter to Uber CEO Travis Kalanick addressing a number of the claims made over the past few days about how the company has allegedly and callously compromised user privacy.

While news that an executive Emil Michael, who recently suggested that Uber should dig up dirt on critical journalists and perform “opposition research,” has been making the rounds, perhaps more concerning is Uber’s treatment of its own customer data. Uber has often pulled information from an internal tool called “God View” that provides an overview of customers riding its network in real-time, as well as access to account history. The company seems to view this tool’s use trivially.

Uber has pulled out God View to use at parties and other launch events, where Uber broadcasts users’ locations on big screens without their permission.

In light of these and other concerns, Senator Franken asked publicly for the CEO to respond to inquires over data privacy, saying:

Your policies suggest that customers’ personal information and usage information, including geolocation data, is maintained indefinitely — indeed even after an account is terminated. Why? What limits are you considering imposing? In particular, when an account is terminated, why isn’t this information deleted as soon as pending charges or other transactional disputes are resolved?”


“Where in your privacy policy do you address the ‘limited set of legitimate business uses’ that may justify employees’ access to riders’ and drivers’ data, including sensitive geolocation data?”


Today, Uber has begun the process of acting like it gives a damn about its customers’ data and privacy, with the hire of Harriet Pearson, one of the longest-serving chief privacy officers in the Fortune 500 and an internationally recognized data privacy and security pioneer. Pearson joined Hogan Lovells in 2012 following her work at IBM, where she served as Vice President, Security Counsel and Chief Privacy Officer and was responsible for global information policies and practices for the company’s over 400,000 employees, plus thousands of vendors and clients.

She is now a partner in the Washington, D.C. office of Hogan Lovells, where she focuses on privacy and cybersecurity.


Says Uber, in a blog post:

Our business depends on the trust of the millions of riders and drivers who use Uber. The trip history of our riders is important information and we understand that we must treat it carefully and with respect, protecting it from unauthorized access.

Ensuring that we have strong policies and practices in this fast-paced world of technology must be a constant quest. We have added Harriet Pearson, one of the most respected data privacy experts in the world and her colleagues at Hogan Lovells, to Uber’s privacy team. Hogan Lovells will conduct an in-depth review and assessment of our existing data privacy program and recommend any needed enhancements so that Uber can ensure that we are a leader in the area of privacy and data protection.

We’ve learned a lot in four and a half years and want to continue to improve on the innovative tools that help us deliver on our mission of providing safe, reliable, affordable transportation to anyone, anywhere, at any time.

Of course a company likes Uber would have a need for tools that allow it to analyze and track its cars and their trips. After all, the system that routes cars efficiently to customers who connect with the transportation network via a mobile app is Uber’s big technology play. But as a fast-growing company, Uber may have forgotten that users are not 1’s and 0’s to plug into its algorithms, but real, live people who need their privacy and location data to be protected, housed only as long as necessary and certainly not indefinitely after their account’s closure. That data shouldn’t be used for the entertainment of party goers, either.