Uber Privacy Pact Shows New Enforcement Role for State AGs

January 11, 2016 – In The News

Scott L. Vernick was quoted in the Law360 article, “Uber Privacy Pact Shows New Enforcement Role for State AGs.” Full text can be found in the January 11, 2016, issue, but a synopsis is below.

A recent settlement between the New York attorney general and Uber over alleged tracking of passengers and exposure of drivers’ personal data demonstrates that state regulators are able to use the powers granted to them under state breach notification laws to fill gaps left by the Federal Trade Commission (FTC).

The requirements of the deal, including limiting access to geolocation information through encryption and employee monitoring, are in line with agreements the FTC has reached with businesses over the years.

The FTC has also stressed data minimization or only collecting necessary data to carry out operations, a concept further driven home by the New York regulator’s agreement.

“Going back at least five or six years, the FTC has said not to hold onto stuff you don’t need, and there was clearly no reason for Uber drivers to have information like payment data,” said Scott L. Vernick, a noted privacy attorney. “I see this as very complementary and consistent with what the FTC is doing.”

Click here to view the full article.