Uber collects selfie photos and images of government-issued ID documents from drivers and delivery people for identity verification purposes. This facial imagery is processed to confirm your identity before and during your use of the platform.
Facial imagery is biometric data under Illinois BIPA and similar laws, and its collection without explicit written consent and a published retention/destruction policy creates significant litigation exposure — BIPA allows statutory damages of $1,000 to $5,000 per violation with class action potential.
REGULATORY FRAMEWORK: Illinois BIPA (740 ILCS 14/1 et seq.) Sections 15(a)-(e) require written consent, published retention/destruction policy, and prohibit sale or profit from biometric identifiers. Texas CUBI (Tex. Bus. & Com. Code §503.001) and Washington My Health MY Data Act (where health inferences are possible) may also apply. GDPR Article 9(1) classifies biometric data used for unique identification as special category data requiring explicit consent (Article 9(2)(a)) or another Article 9(2) exception. Enforcement: Illinois AG and private plaintiffs (BIPA), EU DPAs (GDPR Article 9).
Compliance intelligence locked
Regulatory citations, enforcement risk, and due diligence action items.
Watcher: regulatory citations. Professional: full compliance memo.
Uber collects highly sensitive data from drivers and delivery people including continuous GPS location (even in background), facial images, government ID documents, vehicle telematics, and financial account details, and shares this data with insurers, background check providers, law enforcement, and research partners. Drivers have limited ability to restrict data collection tied to core platform functionality, meaning much of this data collection is a condition of using the platform. You can submit a data access, deletion, or portability request through the Privacy Settings section of the Uber Driver app or at Uber's dedicated privacy portal.