What Private Information Did Uber Give the Government?

Between July and December 2015, Uber provided information on more than 11.6 million users and nearly 600,000 drivers to state and local regulatory agencies, the ride-sharing mobile app said Tuesday.

In its first-ever transparency report, the transportation company said it is required by law to provide certain information to government agencies, and has been asked to hand over information on trip requests, pickup and drop-off locations, and fees. Uber says it was able to negotiate “a narrower scope,” limiting the amount of information provided than was requested by regulatory agencies, for more than 42 percent of requests. In those cases, Uber deemed the request went beyond what was legally required or the information was personally or commercially sensitive. In its report, Uber lists the California Public Utilities Commission and the New Orleans Department of Safety and Permits as examples of regulatory agencies.

The company says it has “[defended] ourselves in legal proceedings before the agency or in court” in order to limit the amount of information it has released.

Customers in California were most affected by requests from regulators; there, Uber handed over information on 5.4 million riders and 299,000 drivers to local regulatory agencies. In New York City, Uber said it tried unsuccessfully to narrow the amount of information regulators requested for nearly 2.9 million users and 37,000 drivers. However, in Chicago, Uber reported it limited the scope for nearly 1.7 million users and 95,000 drivers, providing less information than requested.

During that time period, state and federal law enforcement requested information on 408 riders and 205 drivers. Uber, however, only fully complied with 32 percent of requests, while partially complying with 53 percent of requests.

In 30 “emergency” situations, in which there was “an imminent threat of harm to a rider or driver,” Uber has released information to law enforcement without going through the legal process. However, on all other occasions, Uber requires subpoenas, search warrants, or court orders before providing law enforcement with information on specific trips, riders, and drivers.

Most law-enforcement requests for information related to investigations into fraud or stolen credit cards, Uber said. The company has also responded to cases involving driver and rider safety. Uber has not received any requests for investigations into national security.

Uber has faced criticism in the last year over major data breaches, which compromised personal information for around 50,000 drivers. The company says it has taken several steps to quell concerns and shore up security. But the transparency report could stir up concern that personal information of drivers and riders aren’t quite as secure as people previously thought.

Following the Edward Snowden leaks in 2013 that exposed court orders to Verizon to hand over call data, various companies have attempted to reassure their customers that they do not provide their information in bulk to government agencies. Right after those leaks, Facebook CEO Mark Zuckerberg said, “When governments ask Facebook for data, we review each request carefully to make sure they always follow the correct processes and all applicable laws, and then only provide the information if is required by law.” Uber, in the same vein, is attempting to show its customers that it takes information requests on a case-by-case basis.

Uber said Tuesday hopes to provide similar analysis of its cooperation with regulators and law enforcement outside the United States, as well. Uber operates in over 60 countries. However, the company hasn’t always been greeted warmly abroad, with protests breaking out this year in France and Brazil and drivers attacked in Kenya in February, among other nations.