Uber operates globally and may transfer your personal data to countries with different levels of privacy protection than your home country, relying on legal transfer mechanisms such as standard contractual clauses.
This analysis describes what Uber's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This clause establishes the operational framework for Uber's global data architecture, specifying that personal data collected in one jurisdiction may be processed, stored, or accessed in other jurisdictions. The provision sets out the compliance mechanisms—standard contractual clauses and law-required safeguards—that govern these transfers.
Interpretive note: The notice references 'appropriate safeguards' without specifying the transfer mechanism used for each data flow, and the ongoing legal validity of certain transfer frameworks (notably the EU-US Data Privacy Framework) remains subject to potential legal challenge.
If you are an EU or UK user, your Uber trip, location, and payment data may be transferred to the United States or other countries outside the EEA, where your data protection rights under GDPR may not automatically apply unless specific transfer safeguards are in place.
How other platforms handle this
Epic Games, Inc. is headquartered in Cary, North Carolina. We and our subsidiaries have offices and operations located around the world that help create and deliver some of your favorite products and services, including games like Fortnite and developer tools like Unreal Engine.
If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, please note that we transfer your personal data to countries outside of these regions, including the United States, which may not provide the same level of data protection as your home country. We rely on app...
Your information may be transferred to, and maintained on, computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ than those of your jurisdiction.
Monitoring
Uber has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Uber is a global business. We may transfer personal data to countries other than the country in which the data was originally collected. We use standard contractual clauses and other appropriate safeguards as required by applicable law to facilitate international transfers of personal data.— Excerpt from Uber's Uber Privacy Notice
REGULATORY LANDSCAPE: GDPR Chapter V governs international data transfers from the EU/EEA, requiring either an adequacy decision, standard contractual clauses (SCCs), binding corporate rules, or another approved transfer mechanism. The UK GDPR imposes equivalent requirements with UK-specific mechanisms (International Data Transfer Agreements). The EU-US Data Privacy Framework, adopted in 2023, provides an adequacy basis for transfers to certified US organizations, but its ongoing validity has been subject to legal challenge. The Irish Data Protection Commission is the primary supervisory authority for Uber's EU transfers. GOVERNANCE EXPOSURE: Medium. Reliance on standard contractual clauses requires completion of transfer impact assessments (TIAs) under post-Schrems II requirements to assess whether the protections they afford are undermined by the law of the destination country. The notice's general reference to 'appropriate safeguards' without specifying the mechanism used for each transfer relationship may not satisfy GDPR transparency obligations fully. JURISDICTION FLAGS: EU/EEA and UK users face the most direct exposure from cross-border transfer practices. Transfers to countries without adequacy decisions require documented transfer mechanisms for each data flow. Some non-EU jurisdictions have their own data localization or transfer restriction requirements that may affect Uber's operations in those markets. CONTRACT AND VENDOR IMPLICATIONS: Enterprise clients and data processors receiving Uber data across borders should verify that appropriate transfer mechanisms are in place and that transfer impact assessments have been conducted. Contracts should specify the legal basis for cross-border transfers and include obligations to notify if the transfer mechanism is invalidated. COMPLIANCE CONSIDERATIONS: Compliance teams should maintain an up-to-date inventory of all cross-border data flows and the transfer mechanisms relied upon for each, including documentation of transfer impact assessments for SCC-based transfers. Any change in the legal status of transfer mechanisms (such as invalidation of the EU-US Data Privacy Framework) should trigger a rapid response protocol to identify alternative mechanisms.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This clause establishes the operational framework for Uber's global data architecture, specifying that personal data collected in one jurisdiction may be processed, stored, or accessed in other jurisdictions. The provision sets out the compliance mechanisms—standard contractual clauses and law-required safeguards—that govern these transfers.
If you are an EU or UK user, your Uber trip, location, and payment data may be transferred to the United States or other countries outside the EEA, where your data protection rights under GDPR may not automatically apply unless specific transfer safeguards are in place.
ConductAtlas has identified this type of provision across 78 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Uber.