The policy states that users can submit requests to access, correct, delete, or receive a portable copy of their personal data through the Uber app or privacy.uber.com, with Uber committing to respond consistent with applicable law in the user's jurisdiction.
This analysis describes what Uber's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes the operational mechanism through which users in GDPR, CCPA, CPRA, and other privacy law jurisdictions can exercise statutory data subject rights, with the scope of rights honored dependent on the user's jurisdiction and applicable legal framework.
Under this clause, users can exercise data access, correction, deletion, and portability rights through self-service mechanisms in the Uber app or at privacy.uber.com. The specific rights available and Uber's obligations in responding depend on the user's jurisdiction and applicable law.
How other platforms handle this
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
Depending on where you are located, you may have certain rights regarding your personal information, including the right to access, correct, delete, or restrict processing of your personal information, the right to data portability, and the right to object to or withdraw consent for certain processi...
For individuals in the United States, please also refer to our Notice For Individuals Residing In Certain US States below and the Consumer Health Data Policy.
Monitoring
Uber has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Uber provides users with the ability to make requests related to their personal data, including the ability to access their data, correct their data, request deletion of their data, and request a portable copy of their data. Users can make these requests in the Uber app under Settings > Privacy, or at privacy.uber.com. Uber will respond to these requests consistent with applicable law.— Excerpt from Uber's Uber Privacy Notice
1. REGULATORY LANDSCAPE: This provision directly implements GDPR Articles 15 through 20 data subject rights for EU and UK users, and CCPA and CPRA access, deletion, correction, and portability rights for California residents. Response timeline obligations differ by jurisdiction: GDPR requires response within one month, extendable to three months; CCPA requires response within 45 days, extendable by an additional 45 days. The policy's framing of compliance as 'consistent with applicable law' means the operative obligations vary by user location. 2. GOVERNANCE EXPOSURE: Medium. The adequacy of Uber's identity verification procedures for data subject requests is a recurring regulatory focus area; overly burdensome verification may itself constitute a compliance concern under GDPR and CCPA, while insufficient verification creates security risks. The policy does not describe verification procedures, appeal mechanisms, or response timelines. 3. JURISDICTION FLAGS: EU and UK users have the broadest statutory rights including the right to object to processing under GDPR Article 21. California residents have CPRA rights including the right to correct inaccurate personal information. Users in Virginia, Colorado, Connecticut, and other states with comprehensive privacy laws have analogous rights under those statutes. 4. CONTRACT AND VENDOR IMPLICATIONS: Organizations deploying Uber for Business should assess whether employee data subject rights requests through the consumer portal could affect corporate account data, and whether separate data processing agreements with Uber for Business accounts address enterprise-level data subject rights procedures. 5. COMPLIANCE CONSIDERATIONS: Compliance teams should test the operational functionality and response timelines of Uber's data subject rights infrastructure across applicable jurisdictions. Records of request volume, response rates, and denial rates are relevant to regulatory audit preparedness under GDPR and CCPA accountability requirements.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes the operational mechanism through which users in GDPR, CCPA, CPRA, and other privacy law jurisdictions can exercise statutory data subject rights, with the scope of rights honored dependent on the user's jurisdiction and applicable legal framework.
Under this clause, users can exercise data access, correction, deletion, and portability rights through self-service mechanisms in the Uber app or at privacy.uber.com. The specific rights available and Uber's obligations in responding depend on the user's jurisdiction and applicable law.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Uber.