Uber · Uber Privacy Notice

Data Subject Rights (GDPR and CCPA)

Medium severity
Share š• Share in Share

What it is

Drivers in the EU, UK, California, and certain other jurisdictions have rights to access, correct, delete, and port their personal data, as well as rights to object to certain types of processing including automated decision-making.

Why it matters

These rights give you meaningful control over your personal information, including the ability to know what Uber holds about you, correct inaccuracies, and in some cases have your data deleted.

Institutional analysis (Compliance & legal intelligence)

The rights enumerated cover GDPR Articles 15-22 and CCPA Sections 1798.100-1798.125. Compliance teams should verify response time compliance (30 days GDPR / 45 days CCPA), identity verification procedures that do not create excessive barriers, and the adequacy of appeal mechanisms for denied requests. The California Privacy Rights Act (CPRA) amendments require particular attention regarding correction and sensitive data rights.

šŸ”’

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Consumer impact

Uber collects extensive personal data from drivers and delivery people including precise real-time location, driving behavior via telematics, financial information, and biometric facial verification data, which is shared with insurers, advertisers, government authorities, and third-party business partners. Drivers in certain jurisdictions have limited ability to opt out of some data collection as it is essential to platform operation, but they retain rights to access, correct, and in some cases delete their data. You can submit data access or deletion requests through the Uber app under Settings > Privacy > Manage Your Data.

What you can do

āš ļø These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Export Your Data
    Visit privacy.uber.com, sign in with your Uber account, and select your applicable rights (access, correction, deletion, or data portability). Submit your request and Uber must respond within 30 days (GDPR) or 45 days (CCPA).
  • Delete Your Data
    Open the Uber Driver app, navigate to Settings, select Privacy, then Manage Your Data, and submit a deletion request for your personal information.

Applicable agencies

  • State AG
    The California Attorney General and California Privacy Protection Agency enforce CCPA/CPRA data subject rights, including the right to deletion and opt-out of data sharing.
    File a complaint →
  • FTC
    The FTC can take action against companies that fail to honor stated privacy commitments including data subject right responses.
    File a complaint →

Provision details

Document information
Document
Uber Privacy Notice
Entity
Uber
Document last updated
March 14, 2026
Tracking information
First tracked
March 24, 2026
Last verified
March 24, 2026
Record ID
CA-P-00110009
Document ID
CA-D-00110
Evidence Provenance
Source URL
https://www.uber.com/global/en/privacy-notice-drivers-delivery-people/
Wayback Machine
View archived versions →
SHA-256
265fa2ed2281c8292270824f072c7e56bbdd41c7a53c807ffd839d84a02b664a
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Uber | Document: Uber Privacy Notice | Record: CA-P-00110009
Captured: 2026-03-24 07:35:11 UTC | SHA-256: 265fa2ed2281c829ā€¦
URL: https://conductatlas.com/platform/uber/uber-privacy-notice/data-subject-rights-gdpr-and-ccpa/
Accessed: April 4, 2026
Classification
Severity
Medium
Categories
Privacy Consent Data sharing Dispute resolution

Other provisions in this document