Depending on where you live, you may have the right to see the data Uber holds about you, ask for it to be corrected or deleted, receive a copy you can transfer elsewhere, or object to certain uses of your data.
This analysis describes what Uber's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
These rights give consumers meaningful control over their personal data, but their availability depends on jurisdiction, and the qualifier 'to the extent applicable law allows' means not all users have the same rights.
Riders in the EU, UK, California, and other jurisdictions with comprehensive privacy laws can formally request access to, deletion of, or a portable copy of their Uber data, which includes trip history, location records, and inferred attributes, though the scope of these rights varies by location.
How other platforms handle this
Depending on where you live, you may have certain rights with respect to your personal data, including the right to access, correct, delete, or port your personal data. You can exercise these rights by contacting us at privacy@bereal.com. We will respond to your request within the timeframe required...
Depending on where you live, you may have certain rights regarding your personal information, such as the right to access, correct, delete, or transfer your personal information, to object to or restrict certain processing of your data, or to withdraw consent for processing where you've previously p...
Depending on your location, you may have certain rights regarding your Personal Information, including the right to access, correct, or delete your Personal Information, the right to data portability, the right to opt out of certain data processing, and the right to not be discriminated against for ...
Monitoring
Uber has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Users may request that Uber provide them with access to personal data Uber holds about them, or that Uber correct, delete, or restrict processing of such personal data, or provide a copy of personal data in a portable format, or object to Uber's processing of personal data, to the extent applicable law allows.— Excerpt from Uber's Uber Privacy Notice
REGULATORY LANDSCAPE: GDPR Articles 15-22 establish rights of access, rectification, erasure, restriction, portability, and objection for EU/EEA users. The UK GDPR mirrors these rights for UK users. The CCPA/CPRA establishes similar rights for California residents, including the right to know, delete, correct, and opt out of sale or sharing. The California Privacy Protection Agency and EU Data Protection Authorities are the relevant enforcement bodies. The notice's qualification that rights apply 'to the extent applicable law allows' is standard but means the practical scope varies significantly by jurisdiction. GOVERNANCE EXPOSURE: Medium. The operationalization of data subject rights at scale represents a significant compliance requirement. Failure to respond to valid requests within statutory timeframes (30 days under CCPA, one month under GDPR) or to fulfill rights completely can result in regulatory action. The breadth of data Uber holds, including location history and inferred attributes, makes complete and accurate responses to access requests operationally complex. JURISDICTION FLAGS: EU/EEA and UK users have the broadest statutory rights and access to supervisory authority complaints processes. California residents have CCPA/CPRA rights enforced by the California Privacy Protection Agency. Users in other US states with comprehensive privacy laws (Virginia, Colorado, Connecticut, Texas, and others) have varying rights depending on their state's legislation. Users in jurisdictions without comprehensive privacy laws may have limited statutory rights beyond those Uber voluntarily extends. CONTRACT AND VENDOR IMPLICATIONS: Enterprise Uber for Business clients may receive data subject requests from employees relating to data generated through business accounts, creating a need to coordinate with Uber on fulfillment responsibilities and establish clear contractual obligations around request handling. COMPLIANCE CONSIDERATIONS: Compliance teams should verify that Uber's data subject request handling processes meet the response timeframes and completeness requirements of each applicable jurisdiction. The portal at privacy.uber.com should be assessed for accessibility and whether it adequately surfaces all available rights to users in each jurisdiction. Identity verification processes for data subject requests should be reviewed to confirm they are not so burdensome as to effectively deter legitimate rights exercises.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
These rights give consumers meaningful control over their personal data, but their availability depends on jurisdiction, and the qualifier 'to the extent applicable law allows' means not all users have the same rights.
Riders in the EU, UK, California, and other jurisdictions with comprehensive privacy laws can formally request access to, deletion of, or a portable copy of their Uber data, which includes trip history, location records, and inferred attributes, though the scope of these rights varies by location.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Uber.