Uber failed to honor its promise to closely monitor employees' ability to access consumers' geolocation data, the Federal Trade Commission alleged in a complaint against the ride-sharing service unveiled Tuesday.
The FTC also alleged that Uber failed to provide reasonable security for its drivers' and users' sensitive data -- including names, driver's license numbers, bank account details and Social Security numbers -- resulting in a data breach that affected more than 100,000 drivers.
“This case shows that, even if you’re a fast growing company, you can’t leave consumers behind: you must honor your privacy and security promises,” Acting FTC Commissioner Maureen Ohlhausen stated Tuesday. She elaborated in a telephone call with the media that the "only way companies can compete on privacy" is by following the promises they make in their privacy policies.
Uber's privacy practices came in for criticism in November 2014, when it emerged that the company had an internal tool, "God View," that gave employees access to customers' geolocation data while en route.
Despite that promise, between August of 2015 and May of 2016, Uber allegedly failed to follow up on alerts about the "potential misuse of consumer personal information," according to the FTC.
For part of that time, Uber also only monitored account information for "a set of internal high-profile users, such as Uber executives," the FTC alleged.
An Uber spokesperson says the company now employes "hundreds of trained professionals dedicated to protecting user information."
The spokesperson adds: "This settlement provides an opportunity to work with the FTC to further verify that our programs protect user privacy and personal information.”