Uber may share driver and delivery person data with research organizations, academic partners, and analytics companies, including aggregated or de-identified data about platform activity, safety patterns, and service usage.
Even 'de-identified' or 'aggregated' data shared with third-party researchers can sometimes be re-identified, particularly when it includes granular location data, and this secondary use of your data provides no direct benefit to you.
REGULATORY FRAMEWORK: GDPR Article 5(1)(b) requires that data not be processed for purposes incompatible with the original collection purpose — research use requires compatibility assessment or explicit consent (Article 89 research exemptions may apply for legitimate scientific research but are narrow). CCPA/CPRA §1798.140(e) defines research uses and associated exemptions, but these apply to bona fide research meeting specific criteria. FTC guidance on de-identification (2012 Privacy Report) establishes that de-identification must be robust and include contractual non-re-identification obligations. Enforcement: EU DPAs, CPPA, FTC.
Compliance intelligence locked
Regulatory citations, enforcement risk, and due diligence action items.
Watcher: regulatory citations. Professional: full compliance memo.
Uber collects highly sensitive data from drivers and delivery people including continuous GPS location (even in background), facial images, government ID documents, vehicle telematics, and financial account details, and shares this data with insurers, background check providers, law enforcement, and research partners. Drivers have limited ability to restrict data collection tied to core platform functionality, meaning much of this data collection is a condition of using the platform. You can submit a data access, deletion, or portability request through the Privacy Settings section of the Uber Driver app or at Uber's dedicated privacy portal.