FTC tightens reins around Uber following 2016 breach
The Federal Trade Commission will expand its oversight of Uber following the disclosure of its improper withholding of a 2016 security breach that exposed sensitive data for more than 25 million users.
The ride-hailing service was already bound to an agreement reached last year requiring it to undergo privacy audits every two years for the next two decades. The settlement also required Uber to implement a comprehensive privacy program that protected the personal information the company collected.
The 2017 agreement settled FTC charges that Uber misrepresented the level of access its employees had to user data and the steps it took to secure that data. Following reports in 2014 that Uber employees used an administrative tool internally dubbed God-view to monitor active Uber cars and customers—and sometimes observed specific users' locations for amusement—Uber promised to use a newly created system to monitor and restrict employee access to such information. Last year's FTC charges stemmed, in part, from Uber ending use of that system less than a year after it was put in place.