Delete Uber if you want, but it still has your data

The ongoing uproar over the ethically challenged Uber has brought about calls to delete the service. And to my surprise, some people are actually doing this: I’ve already seen a few friends boast on Facebook that their Uber app is no more.

Leaving aside the question of whether these folks will return (my hunch is yes), the more interesting issue turns on the fact that it’s basically impossible to “delete” Uber in the first place.

While you can remove Uber’s app from your phone and submit a request to delete your account, you’re never really gone for good. I’ve pointed before to Uber’s privacy policy, which spells out that the company can keep your data — your ride history, your locations, all of it — as Uber sees fit and for as long as it likes:

Even after your account is terminated, we will retain your Personal Information and Usage Information (including geo-location, trip history, credit card information and transaction history) as needed to comply with our legal and regulatory obligations, resolve disputes, conclude any activities related to cancellation of an account (such as addressing chargebacks from your credit card companies), investigate or prevent fraud and other inappropriate activity, to enforce our agreements, and for other business reason. [emphasis mine]

“So what?” some might ask. After all, the feature that is currently freaking people out is Uber’s “God view,” which lets employees view every rider in real time. Historical data feels less dangerous.

The problem, however, is not so much Uber but what others might do with that data. According to lawyer Lee Tien of the Electronic Frontier Foundation, data retention turns companies like Uber into magnets for government snooping.

“We have urged companies that they shouldn’t reflexively keep customer data, and instead should get rid of it or safely de-identify it (a topic of its own) after it’s no longer needed,” Tien said in an email. “It creates both privacy and security problems.”

Government is just one part of the privacy problem. Uber’s customer logs (especially records showing where and when someone traveled) are also likely to provide a rich trove for divorce lawyers, employment investigators and a variety of civil lawsuits. [company]Facebook[/company], [company]Google[/company] and others are already popular targets for such subpoenas — it seems only a matter of time till they reach car services too.

Even though Uber’s policy states also states that “your data may be anonymized and aggregated” [my emphasis] after time, it provides no details about when or how that may take place. I asked the company to provide details, but a spokesperson just referred me a blog post that doesn’t address the issue.

It’s not entirely fair, of course, to single out Uber out over all this. After all, the privacy of other ride-sharing services appear to be no better.

But the fact that it’s impossible to “delete Uber” at all supports the venture capitalist Mark Suster’s view that, despite the fuss over Uber’s knuckle-headed business and PR tactics, it is the privacy issues that matter most.