If you drive for Uber, the Privacy Notice authorizes the collection of your location, braking patterns, device handling, facial verification data, and driving record updates. These data collection practices are detailed in the Uber Privacy Notice, which most drivers may not have reviewed in full.
ConductAtlas has indexed every high-severity provision in the Uber Privacy Notice. Here is what it actually says.
Continuous background location tracking
Uber collects your precise GPS location continuously while the driver app is open, including when it is running in the background on your device. This means Uber knows where you are between trips, before trips, and after trips, as long as the app is open.
This is standard for rideshare platforms but the scope is broader than most drivers realize. The data is used for routing, safety monitoring, and sharing with third parties including insurance companies and fleet operators.
Biometric identity verification
Uber uses a feature called Real-Time ID Check that requires drivers to periodically submit a selfie photo, which is then matched against their profile using facial recognition technology. This is biometric data collection under laws like BIPA in Illinois, which requires explicit consent and has strict retention limits.
The biometric data may be processed by third-party providers. Drivers in Illinois and other states with biometric privacy laws should be aware of their rights under those statutes.
Telematics and driving behavior monitoring
Uber collects data about how you drive including speed, acceleration, braking patterns, and phone handling through sensors in your mobile device. This telematics data is used alongside passenger ratings to evaluate your performance and can affect your account standing.
The data is shared with insurance companies and fleet operators. If you drive for a fleet, your employer may have access to your telematics profile.
Automated decision-making and account deactivation
Uber uses automated systems to make decisions about driver accounts, including deactivation, based on performance data, ratings, safety scores, and policy violations. The agreement authorizes these systems to restrict or deactivate accounts based on automated assessments. Whether human review occurs before deactivation is not specified in the terms. Labor regulations, gig economy legislation, and GDPR Article 22 (for EU users) may impose requirements around automated decision-making that constrain how this authority is exercised in practice.
This is rated high severity in the ConductAtlas archive. Automated deactivation with limited appeal rights is one of the most significant risks for gig workers who depend on platform access for their income.
Law enforcement data sharing
Uber may share your personal data, including location history and trip records, with law enforcement, government agencies, and courts in response to legal requests, and may do so without notifying you first.
The provision does not specify a minimum threshold for compliance with law enforcement requests. Drivers should be aware that their trip history and location data can be accessed by authorities without their knowledge.
What gig workers and legal teams should know
For individual drivers, the most actionable provisions are the biometric data collection and automated deactivation clauses. Drivers in Illinois, Texas, Washington, and other states with biometric privacy laws may have specific rights around facial recognition data collection and retention.
For employment lawyers and gig economy researchers, the Uber Privacy Notice documents a comprehensive surveillance regime that is material to independent contractor classification debates. The depth of behavioral monitoring described in the notice is inconsistent with the arms-length relationship typically associated with independent contractor status.
ConductAtlas tracks every version of the Uber Privacy Notice with full change history, SHA-256 verification, and provision-level analysis.