Customer Privacy Ignored: A Case Study of Uber

Customer Privacy Ignored: A Case Study of Uber

“Corporate Citizenship is a recognition that a business, corporation or business-like organisation, has social, cultural and environmental responsibilities to the community in which it seeks a licence to operate, as well as economic and financial ones to its shareholders or immediate stakeholders. Corporate citizenship involves an organisation coming to terms with the need for often radical internal and external changes, to better meet its responsibilities to all of its stakeholders (direct or indirect), to establish, and maintain, sustainable success for the organisation, and, because of that success, to achieve long term sustainable success for the community at large.” (Corporate Citizen Research Unit at Deakin University in Australia)

From the above definition, it becomes clear that an organisation should be fully aware of its responsibilities and what needs to be done to fulfil these responsibilities. Today, we look closely into Uber – who in recent times has struggled in the security and privacy of both its customers and drivers – to determine if its actions have displayed efforts towards good corporate citizenship, or otherwise. Forming the basis of our inquiry is the article published by Reveal in December 2016, where Ward Spangenberg, a former security professional with Uber, was reported to have said, “Uber’s lack of security regarding its customer data was resulting in Uber employees being able to track high profile politicians, celebrities, and even personal acquaintances of Uber employees, including ex-boyfriends/girlfriends, and ex-spouses.” That raises a huge red flag!

Uber was founded in March, 2009 by Travis Kalanick and Garret Camp in San Francisco, California, USA. Ever since its launch in May 31, 2010, the company has made breakthroughs in over 500 cities worldwide. In an article published by Marketing Interactive in January 2016, Uber in 2015 claimed to have completed its 1 billionth ride since its launch. Also, in October 2016, it was reported that 40 million riders used the service in a single month (Fortune Magazine, 2016). Clearly, Uber has gained and maintained success since its launch.

However, along with its success in many countries of the world – including Nigeria – it has suffered some criticism. In cities such as Paris, Costa Rica, Brazil, Indonesia and Cape Town, the local taxi drivers operating have protested Uber, and even attacked some of its drivers. These local drivers have acted in response to the threat that Uber has bitten off a significant chunk of the market, threatening their major source of income; and in some cases, Uber failed to meet and liaise with these drivers. Therein lies the first mistake: before entering the local community, Uber should have taken the requisite steps to fully understand the space in which it wanted to operate and adopted an attendant market strategy.

Moving on to the major issue here, concerns regarding customer privacy had been raised even before the comment by Spangenberg reference earlier. In an article by TechCrunch in 2014, Senator Al Franken, Chairman of the Subcommittee on Privacy, Technology, and the Law had in a public letter to Uber CEO, Travis Kalanick, stated, “I am especially troubled because there appears to be evidence of practices inconsistent with the policy [Uber spokesperson] Ms. Hourajian articulated. It has been reported that a tool known as ‘God view’ is ‘widely available to most Uber corporate employees’ and allows employees to track the location of Uber customers who have requested car service.” This is especially troubling in recent times where security has become a national concern, especially in Nigeria. If Uber is unable to protect the data of its users, or communicate its efforts at doing so, the reputation will continue to inadvertently take blows to its reputation, but more importantly, will lose its credibility as a responsible business or a trustworthy partner.

In an article published in February 2015 by ArcTechnica, Uber’s Managing Counsel of Data Privacy, Katherine Tassi, revealed that it had suffered a data breach more than nine months before, where driver names and license plate information on approximately 50,000 drivers were disclosed. While this breach was discovered by Uber in September 2014, it reportedly waited close to five months before notifying the affected drivers. By doing so, Uber left its drivers vulnerable to attack for close to 5 months, with no forewarning or instruction to take extra precautions. As Claire Gartland, of the Electronic Privacy Information Center so succinctly put it, “The idea that Uber is so cavalierly taking very little responsibility for protecting your information should be concerning to everyone” (Reveal, 2016)

Now, we hear that Uber wants to track the location of its users even when the app is not in use. This immediately begs the question: to what end? As one would expect, this has raised doubts as to whether the company is overstepping its bounds. In an update to its Apple App’s location services feature, the company (Uber) had removed the option for the company to locate its user only while the app is in use. As noted by TechCruch in November 2016, Uber laid the groundwork for this change in its policy toward location data when it updated its privacy policy last summer to allow it to track users even when the app was in the background. This prompted a group called the Electronic Privacy Information Center to file a Federal Trade Commission complaint, calling the move “unlawful and deceptive.”

Though Uber has enjoyed success over the years, and has penetrated large cities worldwide, there are still numerous doubts as to whether it is meeting up to its responsibilities as a good corporate citizen. Its users’ privacy and safety should be its number one concern, yet it seems to have failed to fully grasp the importance of this issue to its stakeholders, and blatantly positions itself with constant privacy controversy.

Summarily, it is interesting to see how the story unfolds, particularly because of the significance of data security and privacy to technology companies in building a sustainable business. As more awareness is raised over Uber’s infractions, we expect to see the company face strict regulations in countries that will inspire it to revaluate its current somewhat flippant attitude, and make the requisite steps towards compliance. Same goes for other organisations: as a responsible corporate citizen, you should strive towards sustainable success through inclusive and progressive business practices that your stakeholders can trust. It is crucial to remember that corporate citizenship should be treated with the highest regard.

150 150 CSR-in-Action

    Start Typing
    Privacy Preferences

    When you visit our website, it may store information through your browser from specific services, usually in the form of cookies. Here you can change your Privacy preferences. It is worth noting that blocking some types of cookies may impact your experience on our website and the services we are able to offer.

    For performance and security reasons we use Cloudflare
    Click to enable/disable Google Analytics tracking code.
    Click to enable/disable Google Fonts.
    Click to enable/disable Google Maps.
    Click to enable/disable video embeds.
    Our website uses cookies, mainly from 3rd party services. Define your Privacy Preferences and/or agree to our use of cookies.