The policy states that Uber collects precise or approximate GPS location from users' devices both when the app is open on-screen and when it is running in the background, and uses this data to provide ride and delivery services as well as location-based platform features.
This analysis describes what Uber's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes a continuous location data collection mechanism that operates even when the app is not actively in use, creating an ongoing data stream associated with each user's device. The scope of background collection is operationally significant for data minimization assessments under GDPR and for compliance with state-level location data protection frameworks.
Under this clause, Uber collects device location data continuously during app use, including background operation, meaning location data is gathered beyond the duration of active trips or delivery sessions. Users can limit background location collection through their device operating system's location permission settings.
How other platforms handle this
We collect information about your location, such as data from your device's GPS or IP address, when you use our products.
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If we collect health information from these integrations (such as heart rate), we will not sell or use it for advertising or other similar purposes; we do not disclose it to third parties without your prior consent; and we will only use it for the specific purposes described in this Policy.
Monitoring
Uber has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We collect precise or approximate location data from riders' and order recipients' mobile devices if they permit us to do so. Uber collects this data when the Uber app is running in the foreground (app open and on-screen) or background (app open but not on-screen) of their device. We use this data to enable rides and deliveries, and for Uber's location-based features such as automatic address entry, providing estimated times of arrival, tracking trip progress, and other features.— Excerpt from Uber's Uber Privacy Notice
1. REGULATORY LANDSCAPE: Background location data collection implicates GDPR Article 5 data minimization and purpose limitation principles, and may require evaluation under national implementations of the ePrivacy Directive in EU member states. In the United States, the FTC has taken enforcement positions on undisclosed or excessive location data collection. State-level frameworks including California's CPRA and emerging state privacy laws in Virginia, Colorado, and Connecticut treat precise geolocation as sensitive personal data requiring heightened disclosure or consent. 2. GOVERNANCE EXPOSURE: High. Continuous background location collection creates a persistent data stream linked to individual users that extends beyond transactional necessity. The breadth of this collection may require documented legitimate interest assessments or explicit consent records under GDPR, and category-specific disclosures under CCPA for sensitive personal information. 3. JURISDICTION FLAGS: EU and UK users have the strongest basis to challenge continuous background collection under data minimization principles. California residents have explicit rights regarding sensitive personal information including precise geolocation under CPRA. Illinois, Texas, and Washington impose additional requirements on biometric and location data in some contexts. Users in jurisdictions with sector-specific location data protections may face different analytical frameworks. 4. CONTRACT AND VENDOR IMPLICATIONS: Organizations deploying Uber for Business accounts should assess whether employee location data collected via background tracking intersects with workplace privacy obligations or works council consultation requirements in applicable jurisdictions, particularly in EU member states. 5. COMPLIANCE CONSIDERATIONS: Compliance teams should review whether device-level location permission prompts adequately disclose background collection to satisfy informed consent standards under applicable law. Data mapping documentation should reflect location data as a sensitive personal information category with its own retention and processing records.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes a continuous location data collection mechanism that operates even when the app is not actively in use, creating an ongoing data stream associated with each user's device. The scope of background collection is operationally significant for data minimization assessments under GDPR and for compliance with state-level location data protection frameworks.
Under this clause, Uber collects device location data continuously during app use, including background operation, meaning location data is gathered beyond the duration of active trips or delivery sessions. Users can limit background location collection through their device operating system's location permission settings.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Uber.