The General Data Protection Regulation (GDPR) in Europe created “rules of the road” for companies and government bodies that use personal data in countries where this law applies. Organisations that want to collect and use this data must meet their GDPR obligations.
One of these obligations for companies like Uber, is the appointment a Data Protection Officer (DPO). At Uber, the DPO helps our company live by our GDPR obligations and monitors our compliance. Below are more details about what this means for Uber customers in the European Union and around the world.
What is Data Protection?
The term “data protection” as used in GDPR describes a fundamental right belonging to people who reside in Europe. The GDPR says personal data can only be used for a clear, specific, and lawful purposes. It also says individuals have the right to be treated fairly with how their data is being used.
GDPR also includes rules to protect individuals when their personal data is used to provide them with a service, while allowing their data to be used for economic, societal, and other benefits such as physical safety. GDPR protects other fundamental rights, such as the right to privacy (“respect for private and family life”), the rights to life and safety (“security of person”), the freedom of expression and information, and the freedom to operate a business.
Ultimately, GDPR is more than just a privacy law. It is a robust data law that protects multiple fundamental rights in addition to privacy.
What is a DPO and what do they do?
DPOs are advisors. GDPR requires organisations like Uber to appoint a DPO to help them understand and meet their GDPR obligations. For example, an organization must consult their DPO when it seeks to use personal data on a large scale, or in new and innovative ways.
DPOs also act as internal watchdogs: GDPR requires that companies demonstrate greater responsibility when processing personal data and be able to verify their adherence to the data protection law. To meet this goal, the DPO monitors and audits the organisation’s personal data processing for adherence with GDPR. This allows the DPO to verify compliance with GDPR, and identify any areas where improvements are needed.
In addition, DPOs are ambassadors for government officials and consumers. We serve as a port-of-call for data protection authorities and privacy regulators who need to contact our organisation. Customers may also contact the DPO if they have issues or questions related to the use of their data.
To meet these responsibilities, a DPO must be knowledgeable about data protection topics and remain sufficiently autonomous and independent from the organisation. They should be free to ask anything and express opinions about everything. To be a trusted guide, watchdog, and ambassador, a DPO is also bound to protect confidentiality with respect to anything they learn in the course of fulfilling their duties.
The DPO at Uber
At Uber, we’ve taken the above philosophy to heart. Our DPO organisation is on the ground in Europe, equipped with the resources to live up to the tasks, and reports directly to Uber’s Chief Legal Officer.
In doing so, we believe we can best assure that we can continue delivering the protections granted to our European customers under GDPR. And because we operate a world-wide platform, our customers globally may also benefit from new technologies and product features we build to meet our GDPR obligations.
How to Contact Uber’s DPO
Details about Uber’s data practices are available in the Privacy Notice here. It also includes information about how you can exercise control over your data.
You are welcome to contact Uber’s Office of the DPO about how your personal data is collected and used by using this form.