In some locations, Uber may collect facial or other biometric data to verify user identity, depending on local law requirements.
This analysis describes what Uber's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Biometric data including facial recognition data is classified as a specially sensitive category in several jurisdictions and carries heightened legal protections; collection or processing of this data without proper consent or notice may engage specific statutory obligations.
Interpretive note: The notice does not specify which jurisdictions biometric data is collected in, which consent mechanism is used, or whether collection applies to riders as well as drivers, creating uncertainty about the practical scope of this provision.
The notice states that Uber may collect biometric data in certain jurisdictions, which depending on the user's location could include facial verification data. Users in jurisdictions with biometric-specific laws such as Illinois, Texas, or Washington should be aware that this data category carries additional legal protections.
How other platforms handle this
When you visit the Careers portion of our websites, we collect the information that you provide to us in connection with your job application. This includes but is not limited to business and personal contact information, professional credentials and skills, educational and work history and other in...
American does not knowingly collect personal information directly from children – persons under the age of 13, or another age if required by applicable law – other than when required to comply with the law or for safety and security reasons. Due to the nature of our Services, we may collect travel i...
We may collect information about your location, including precise geolocation information, when you use our Services. We use this information to provide location-based services, such as showing you products available in your area, and for other purposes described in this Privacy Policy.
Monitoring
Uber has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Uber may collect biometric data including facial verification data in certain jurisdictions for identity verification of drivers and, in limited circumstances, riders or order recipients, subject to applicable law.— Excerpt from Uber's Uber Privacy Notice
1. REGULATORY LANDSCAPE: Biometric data collection is specifically regulated under the Illinois Biometric Information Privacy Act (BIPA), the Texas Capture or Use of Biometric Identifier Act, and Washington's biometric privacy law. GDPR classifies biometric data used for unique identification as a special category requiring explicit consent under Article 9. The CCPA and CPRA also classify biometric information as sensitive personal information with associated opt-out and limitation rights. 2. GOVERNANCE EXPOSURE: High in jurisdictions with biometric-specific statutes. BIPA in particular provides a private right of action and has generated significant litigation. The notice's statement that biometric data collection occurs 'in certain jurisdictions' and 'subject to applicable law' does not specify which jurisdictions or what consent mechanisms are employed, which creates compliance uncertainty. 3. JURISDICTION FLAGS: Illinois represents the highest exposure jurisdiction due to BIPA's private right of action for violations including failure to obtain informed written consent and failure to maintain a compliant retention and destruction policy. Texas and Washington create additional statutory exposure. EU/EEA users require explicit consent for biometric processing under GDPR Article 9. 4. CONTRACT AND VENDOR IMPLICATIONS: Any vendor involved in biometric data processing on behalf of Uber should be subject to a BIPA-compliant written agreement including data protection requirements. B2B agreements that involve employee identity verification via Uber should confirm whether biometric data is collected and under what legal basis. 5. COMPLIANCE CONSIDERATIONS: A compliant biometric data program under BIPA requires a publicly available written retention schedule, a written policy for destruction, and informed written consent prior to collection. Legal teams should confirm these are in place for any US jurisdiction where biometric collection occurs. GDPR compliance requires a documented lawful basis under Article 9 for any EU-based biometric processing.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the first time.
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Biometric data including facial recognition data is classified as a specially sensitive category in several jurisdictions and carries heightened legal protections; collection or processing of this data without proper consent or notice may engage specific statutory obligations.
The notice states that Uber may collect biometric data in certain jurisdictions, which depending on the user's location could include facial verification data. Users in jurisdictions with biometric-specific laws such as Illinois, Texas, or Washington should be aware that this data category carries additional legal protections.
ConductAtlas has identified this type of provision across 18 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Uber.