Franken: Uber still has work to do to protect privacy

WASHINGTON – Uber, the popular ride-share service that is upending the taxi industry, has had its share of bad P.R. lately.

It was kicked out of France after an uprising of cabdrivers. It came under fire earlier this week for its "surge pricing" in Australia after drivers quadrupled fares for people attempting to flee a hostage situation.

Now Uber is running into a buzz saw in Washington: Sen. Al Franken.

For the last month the senator has pressed the company to be more transparent and accountable in how it handles the data associated with its burgeoning number of passengers around the world.

"My biggest concern is that they seem to have no policy," said Franken, who chairs a subcommittee on Privacy, Technology, and the Law. "They have all this very sensitive data and they seem to have absolutely no real privacy policy."

On Monday evening, Uber delivered a three-page letter about its privacy practices to Franken that he said fell far short of how he expects the company to handle critically private information — including when and where customers take cars and how long the company hangs on to personal rider information.

"Uber has always had a strong culture of protecting rider information, and Uber prohibits employees from accessing rider personal information except for legitimate business purposes," the letter said.

"I am concerned about the surprising lack of detail in their response," Franken said. "Geolocation data is sensitive data. It's where you go to church, it's where you go to the doctor, how you spent your weekend."

Uber, which uses cellphones and surge pricing to mobilize cars instantly to meet demand, has mushroomed since its 2009 launch, and now operates in every major U.S. city and 52 countries worldwide. Its staff has swelled from 400 to about 2,400 and in June its valuation was set at $18 billion.

The company acknowledged in its letter to Franken that the rapid growth means it has had to employ additional internal policies to protect riders' information.

Uber also insisted that its so-called God View — a real-time aerial view of the movement of cars and riders — was crucial to Uber's operations teams, but as of a year ago, the individual passenger information was no longer shared with third parties, such as other businesses.

Franken's request for clarification came in the wake of reports that some employees threatened to publicize data about journalists writing critical stories about Uber.

Franken said the company's response was unsatisfying.

"Quite frankly, they did not answer many of the questions I posed directly to them," he said.

Car-sharing and transportation companies are the latest frontiers in Franken's battle to protect consumer privacy in an ever-evolving technological world that increasingly relies on geolocation tracking devices and stored credit card information to serve consumers.

In 2011, he pressured Apple and Google to be more transparent about their respective privacy policies — particularly the way Apple uses its consumers' location information. In 2013, Franken requested a Government Accountability Office report on how automakers used private data collected from onboard navigation systems. Earlier this year, Franken challenged the app "NameTag" because it allowed strangers to get personal information — including a person's name, photos and dating website profiles — simply by looking at a person with a Google Glass device.

"This is really just an incredible rate of change, and the acceleration of technology in all these spaces is really amazing," Franken said.

Lyft has not yet officially responded to Franken, but spokeswoman Paige Thelen said in an e-mail she shared the senator's "dedication to keeping consumers and their information safe. … The respect and rights of our users are at our core as a company and we look forward to discussing this important issue and Lyft's commitment to consumer privacy in depth."

Franken, who says he sometimes takes Uber when his wife calls a car from the app on her cellphone, said he doesn't cut the companies any slack for being new — or even experimental.

"They are people who are operating in this space and this space has certain kind of well-known privacy issues," he said. "I think it's kind of unbelievable that they didn't consider this. … It's not like they were making lumber before … and this was going to be all new to them."

Allison Sherry • 202-383-6120