Uber · Uber Privacy Notice

Biometric Identity Verification Data Collection

High severity
Share 𝕏 Share in Share

What it is

Uber collects your photo and uses facial recognition technology to verify your identity both when you sign up and periodically while you're actively driving — this is called Real-Time ID Check.

Consumer impact (what this means for users)

Uber collects your facial biometric data via Real-Time ID Checks during active driving sessions, meaning your face is being scanned and matched algorithmically on an ongoing basis — this data is subject to breach risk and triggers mandatory consent requirements under Illinois BIPA and GDPR that Uber must demonstrably satisfy.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Delete Your Data
    Submit a biometric data deletion request at privacy.uber.com. Illinois residents may also have rights under BIPA to request destruction of biometric data — include a specific reference to biometric/facial recognition data in your request.

How other platforms handle this

Reddit Medium

We automatically collect information as you use our Services. This includes: Logs Data - We collect device and network connection information when you access and use the Services. This may include your IP address, user-agent string, browser type, operating system, referral URLs, device information (...

TikTok Medium

apiName: getBattery, apiObj: navigator, apiType: method, block: false, sampleRate: 0.00005, stackRate: 0

Glassdoor Medium

If you use our chat feature, we and our service providers may record your chats and keep transcripts.

See all platforms with this clause type →
Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

Facial recognition and biometric data are among the most sensitive personal data categories under law — once compromised, they cannot be changed, and collection without proper consent violates Illinois BIPA and GDPR Art. 9.

View original clause language
Uber collects identity verification photos and, in some markets, uses facial verification technology to confirm driver identity. This includes photos submitted during onboarding and Real-Time ID Check photos taken during active use of the platform. Uber processes this biometric data to verify that the account holder is the person using the app, to maintain platform safety, and to comply with regulatory requirements in certain jurisdictions.

Institutional analysis (Compliance & legal intelligence)

REGULATORY FRAMEWORK: Biometric data collection directly implicates Illinois BIPA 740 ILCS 14/1 et seq., which requires written informed consent, a publicly available retention schedule, and prohibits sale or profit from biometric data; Texas CUBI (Bus. & Com. Code §503.001); Washington My Health MY Data Act (for health-adjacent biometrics); GDPR Art. 9(1) (explicit consent required for biometric data used for unique identification); CCPA/CPRA definition of sensitive personal information (§1798.140(ae)(1)(B)); and EU AI Act provisions on biometric identification systems.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

  • FTC
    FTC has authority over deceptive biometric data practices under Section 5 FTC Act and issued a 2023 policy statement on biometric information and consumer harm.
    File a complaint →
  • State AG
    Illinois Attorney General enforces BIPA; Texas AG enforces CUBI; multiple state AGs have authority over biometric data practices under state consumer protection statutes.
    File a complaint →

Applicable regulations

EU AI Act
European Union
BIPA
Illinois, USA
CCPA/CPRA
California, USA
COPPA
United States Federal
CAN-SPAM
United States Federal
DMA
European Union
FCRA
United States Federal
GDPR
European Union
GLBA
United States Federal
HIPAA
United States Federal
TCPA
United States Federal
UK GDPR
United Kingdom

Provision details

Document information
Document
Uber Privacy Notice
Entity
Uber
Document last updated
March 14, 2026
Tracking information
First tracked
April 9, 2026
Last verified
April 9, 2026
Record ID
CA-P-002468
Document ID
CA-D-00110
Evidence Provenance
Source URL
https://www.uber.com/global/en/privacy-notice-drivers-delivery-people/
Wayback Machine
View archived versions →
SHA-256
da455350bcd5c09edc54361c40211ba929e95e035f6c5586acadc0ab4cefcd8f
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Uber | Document: Uber Privacy Notice | Record: CA-P-002468
Captured: 2026-04-09 09:01:00 UTC | SHA-256: da455350bcd5c09e…
URL: https://conductatlas.com/platform/uber/uber-privacy-notice/biometric-identity-verification-data-collection/
Accessed: April 29, 2026
Classification
Severity
High
Categories
Data collection

Other provisions in this document

Related Analysis