INSUBCONTINENT EXCLUSIVE:
Uber is expanding the proposed settlement it made with the Federal Trade Commission last August pertaining to data mishandling, privacy and
security complaints that date back to 2014 and 2015
In August, Uber agreed to 20 years of privacy audits.That proposed settlement happened prior to Uber’s disclosure of the massive 2016 data
breach that affected some 57 million riders and drivers
Now, Uber will be subject to “additional requirements,” according to the FTC.“After misleading consumers about its privacy and
security practices, Uber compounded its misconduct by failing to inform the Commission that it suffered another data breach in 2016 while
the Commission was investigating the company’s strikingly similar 2014 breach,” Acting FTC Chairman Maureen K
Ohlhausen said in a statement
“The strengthened provisions of the expanded settlement are designed to ensure that Uber does not engage in similar misconduct in the
future.”As part of the revised settlement, Uber may be subject to civil penalties if it fails to notify the FTC of future privacy
Uber must also submit all third-party audits of the company’s privacy program, as well as retain records pertaining to bug bounty programs
that relate to unauthorized access to consumer data.“My first week at Uber was the week we disclosed the 2016 breach
When Dara Khosrowshahi joined the company, he committed on behalf of every Uber employee that we would learn from our mistakes, change the
way we did business and put integrity at the core of every decision we made,” Uber Chief Legal Officer Tony West said in a statement to
“Since then we have moved quickly to do just that by taking responsibility for what happened
I am pleased that just a few months after announcing this incident, we have reached a speedy resolution with the FTC that holds Uber
accountable for the mistakes of the past by imposing new requirements that reasonably fit the facts.”
