Uber to stop storing precise location pick-ups/drop-offs in driver logs
Uber is planning to tweak the historical pick-up and drop-off logs that drivers can see in order to slightly obscure the exact location, rather than planting an exact pin in it (as now). The idea is to provide a modicum more privacy for users while still providing drivers with what look set to be remain highly detailed trip logs.
The company told Gizmodo it will initially pilot the change with drivers, but intends the privacy-focused feature to become the default setting “in the coming months”.
Earlier this month Uber also announced a complete redesign of the drivers’ app — making changes it said had been informed by “months” of driver conversations and feedback. It says the pilot of location obfuscation will begin once all drivers have the new app.
The ride-hailing giant appears to be trying to find a compromise between rider safety concerns — there have been reports of Uber drivers stalking riders, for example — and drivers wanting to have precise logs so they can challenge fare disputes.
“Location data is our most sensitive information, and we are doing everything we can do to protect privacy around it,” a spokesperson told us. “The new design provides enough information for drivers to identify past trips for customer support issues or earning disputes without granting them ongoing access to rider addresses.”
In the current version of the pilot — according to screenshots obtained by Gizmodo — the location of the pin has been expanded into a circle, so it’s indicating a shaded area a few meters around a pick-up or drop-off location.
According to Uber the design may still change, as is said it intends to gather driver feedback. We’ve asked if it’s also intending to gather rider feedback on the design.
Asked whether it’s making the change as part of an FTC settlement last year — which followed an investigation into data mishandling, privacy and security complaints dating back to 2014 and 2015 — an Uber spokesman told us: “Not specifically, but user expectations are shifting and we are working to build privacy into the DNA of our products.”
Earlier this month the company agreed to a revised settlement with the FTC, including agreeing that it may be subject to civil penalties if it fails to notify the FTC of future privacy breaches — likely in light of the 2016 data breach affecting 57 million riders and drivers which the company concealed until 2017.
An incoming update to European privacy rules (called GDPR) — which beefs up fines for violations and applies extraterritorially (including, for example, if an EU citizen is using the Uber app on a trip to the U.S.) — also tightens the screw on data protection, giving individuals expanded rights to control their personal information held by a company.
A precise location log would likely be considered personal data that Uber would have to provide to any users requesting their information under GDPR, for example.
Although it’s less clear whether the relatively small amount of obfuscation it’s toying with here would be enough to ensure the location logs are no longer judged as riders’ personal data under the regulation.
Last year the company also ended a controversial feature in which its app had tracked the location of users even after their trip had ended.