Depending on where you live, you may have legal rights to see, correct, delete, or limit the use of your personal data. EU and UK residents and California residents have the most extensive rights under this notice.
This analysis describes what Uber's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision identifies the rights available to users under GDPR and CCPA and provides mechanisms to exercise them, including opt-out of advertising data sharing for California residents and data deletion rights globally.
The notice states that EU, UK, and California users have specific rights to access, delete, or limit how their personal data is used, including the right to opt out of behavioral advertising data sharing. Users in other jurisdictions may have more limited rights depending on applicable local law.
How other platforms handle this
If you are located in the European Economic Area or the United Kingdom, you have certain rights under applicable data protection laws, including the right to access, correct, or delete your personal data, the right to object to or restrict processing, and the right to data portability. You may also ...
If you are a California resident, you may have certain rights under the California Consumer Privacy Act (CCPA). These rights may include: the right to know about personal information collected, disclosed, or sold; the right to delete personal information collected from you; the right to opt-out of t...
Depending on where you live, you may have certain rights with respect to your personal information. These rights may include: The right to know what personal information we have collected about you, including the categories of personal information, the categories of sources from which we collected i...
Monitoring
Uber has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Users in certain jurisdictions have specific rights with respect to their personal data. EU and UK users have the right to access, rectify, port, erase, or restrict the processing of their personal data, and to object to processing. California residents have the right to know what personal information is collected, to request deletion, to opt out of the sale or sharing of personal information, and to non-discrimination for exercising their rights.— Excerpt from Uber's Uber Privacy Notice
1. REGULATORY LANDSCAPE: GDPR rights are enforceable by EU/EEA supervisory authorities and the UK Information Commissioner's Office (ICO). CCPA and CPRA rights are enforceable by the California Privacy Protection Agency (CPPA) and the California Attorney General. The notice must satisfy rights disclosure requirements under both frameworks, including response timelines of 30 days under CCPA and one month under GDPR with extension provisions. 2. GOVERNANCE EXPOSURE: Medium. Rights request handling processes must be technically and operationally capable of responding within statutory deadlines. Failure to honor deletion or opt-out requests within required timelines creates direct enforcement exposure. The notice should be assessed to confirm that opt-out mechanisms for CCPA sharing are functional and that GDPR rights requests are routed to appropriate data controllers. 3. JURISDICTION FLAGS: EU/EEA users may escalate unresolved rights requests to their national supervisory authority. UK users may escalate to the ICO. California residents may file complaints with the CPPA. Brazil users have rights under LGPD enforced by the ANPD. India, Canada, and other jurisdictions provide varying levels of rights depending on applicable national law. 4. CONTRACT AND VENDOR IMPLICATIONS: Data processor agreements must include provisions enabling rights request fulfillment across Uber's vendor ecosystem. Any vendor holding user data on Uber's behalf must be capable of responding to deletion and access requests within required timelines. 5. COMPLIANCE CONSIDERATIONS: Rights request intake systems should be audited for completeness, including verification mechanisms that do not create barriers to access for rights-eligible users. Opt-out mechanisms for CCPA sharing must be clearly labeled and functional. GDPR data portability responses should be assessed for completeness relative to the data categories described in the notice.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision identifies the rights available to users under GDPR and CCPA and provides mechanisms to exercise them, including opt-out of advertising data sharing for California residents and data deletion rights globally.
The notice states that EU, UK, and California users have specific rights to access, delete, or limit how their personal data is used, including the right to opt out of behavioral advertising data sharing. Users in other jurisdictions may have more limited rights depending on applicable local law.
ConductAtlas has identified this type of provision across 1 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Uber.