The policy states that Uber shares rider and order recipient personal data including name, pickup location, delivery address, and order details with drivers, delivery personnel, restaurants, and merchants as operationally necessary to fulfill requested services.
This analysis describes what Uber's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision identifies the operational data-sharing structure under which personal data including home or work addresses, order preferences, and identity information passes from Uber to independent contractor drivers and third-party merchant partners who operate outside Uber's direct employment or data governance structure.
Under this clause, each trip request results in disclosure of the rider's name and location to a driver, and each delivery order results in disclosure of delivery address and order details to the merchant. The data governance obligations applicable to these recipients are governed by Uber's contracts with those parties rather than directly by this policy.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
We use information to enhance the quality, reliability, and/or accuracy of our AI Features by creating, developing, training, testing, improving, and maintaining AI and ML models run by Strava or our service providers. We use aggregated, de-identified data for this purpose. We also use personal info...
Monitoring
Uber has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We share the information we collect with our service providers, professional services organizations, and with drivers, delivery persons, and other users as necessary to provide our services. For example, we share your name and pickup location with a driver when you request a ride, and we share your delivery location and order details with a restaurant or other merchant when you place an order.— Excerpt from Uber's Uber Privacy Notice
1. REGULATORY LANDSCAPE: Data sharing with independent contractor drivers and third-party merchants implicates GDPR controller-to-controller transfer obligations and the adequacy of the legal basis for sharing, as well as CCPA service provider versus third-party classification. Under GDPR, where drivers and merchants act as independent data controllers upon receipt of personal data, Uber's obligations to provide transparency about those downstream processing activities are heightened. 2. GOVERNANCE EXPOSURE: Medium. The policy does not describe the data processing obligations imposed on drivers or merchants by their contracts with Uber, creating uncertainty about the downstream data governance framework applicable to personal data after it is shared with these parties. 3. JURISDICTION FLAGS: EU and UK users benefit from GDPR transparency obligations requiring disclosure of the identity of data recipients or categories of recipients. California residents are entitled to disclosure of the categories of third parties with whom data is shared under CCPA. 4. CONTRACT AND VENDOR IMPLICATIONS: Organizations contracting with Uber for corporate accounts should assess whether employee trip data shared with drivers creates any data processing implications under applicable employment privacy laws, particularly in EU member states with works council or data protection authority consultation requirements. 5. COMPLIANCE CONSIDERATIONS: Compliance teams should assess whether driver and merchant contracts include enforceable data protection obligations, data minimization requirements, and prohibitions on secondary use of rider data. The policy does not describe any audit or oversight mechanism for driver or merchant data handling practices.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision identifies the operational data-sharing structure under which personal data including home or work addresses, order preferences, and identity information passes from Uber to independent contractor drivers and third-party merchant partners who operate outside Uber's direct employment or data governance structure.
Under this clause, each trip request results in disclosure of the rider's name and location to a driver, and each delivery order results in disclosure of delivery address and order details to the merchant. The data governance obligations applicable to these recipients are governed by Uber's contracts with those parties rather than directly by this policy.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Uber.