Uber collects facial images from drivers to verify identity through its Real-Time ID Check feature, which uses automated facial recognition technology to confirm that the person using the app matches the registered account holder.
Biometric data is among the most sensitive personal information and, unlike a password, cannot be changed if compromised. Drivers must submit to this verification to remain active on the platform.
Collection of biometric identifiers triggers obligations under Illinois BIPA, Texas CUBI, Washington MY Health MY Data Act, and GDPR Article 9 (special category data). Disclosure of biometric data to third-party vendors without explicit written consent may expose Uber to statutory damages under BIPA. Compliance teams should verify adequacy of consent mechanisms and data retention limits for biometric data.
Compliance intelligence locked
Regulatory citations, enforcement risk, and due diligence action items.
Watcher: regulatory citations. Professional: full compliance memo.
Uber collects extensive personal data from drivers and delivery people including precise real-time location, driving behavior via telematics, financial information, and biometric facial verification data, which is shared with insurers, advertisers, government authorities, and third-party business partners. Drivers in certain jurisdictions have limited ability to opt out of some data collection as it is essential to platform operation, but they retain rights to access, correct, and in some cases delete their data. You can submit data access or deletion requests through the Uber app under Settings > Privacy > Manage Your Data.