Your personal data may be sent to and stored in the United States or other countries with different — potentially weaker — privacy laws, with Uber relying on Standard Contractual Clauses to make such transfers legal under EU law.
Your most sensitive personal data — including biometric identifiers, criminal history, and real-time location — may be transferred to and stored in the United States where it is subject to US federal surveillance authorities, with limited ability for EU/UK drivers to challenge such access.
How other platforms handle this
To collect, store, hold and manage your personal information through cloud based or hosting services or a third party or a party affiliated or connected to Waze, as reasonable for business purposes, which may be located in the European Union and the U.S.A., potentially countries outside of your juri...
Regardless of where you use our Services, the information collected as part of that use will be transferred to and maintained on servers located in the United States. By using our Services, you consent to this collection, transfer, storage, and processing of information to and in the United States.
Stripe operates globally and may transfer your Personal Data to countries outside your home country, including to the United States. We rely on various legal mechanisms to facilitate these transfers, including Standard Contractual Clauses (SCCs) approved by the European Commission, the EU-U.S. Data ...
Cross-border transfers of sensitive driver data (including biometrics, criminal records, and location data) to the US mean this data is subject to US government surveillance programs and may have less robust legal protection than in the EU — Standard Contractual Clauses alone may not fully address this risk post-Schrems II.
REGULATORY FRAMEWORK: Cross-border transfers from EEA are governed by GDPR Chapter V (Arts. 44-49); Standard Contractual Clauses (SCCs) must be the 2021 European Commission modernised SCCs following the CJEU's Schrems II ruling (C-311/18). The EU-US Data Privacy Framework (DPF, effective July 2023) provides an adequacy decision for DPF-certified US companies, but its durability is legally uncertain. UK transfers require UK International Data Transfer Agreements (IDTAs) or UK addendum to EU SCCs. Swiss transfers require Swiss-approved mechanisms. GDPR Art. 46 governs appropriate safeguards; Art. 49 permits derogations only in limited circumstances.
Compliance intelligence locked
Regulatory citations, enforcement risk, and due diligence action items.
Watcher: regulatory citations. Professional: full compliance memo.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.