Claimed to be an “information society service,” but regulator said actually a transportation service

Seeking to avoid regulations from individual countries in Europe, Uber argued that it is an “information society service” that could only be regulated in accordance with Europe-wide procedures. In a May 2017 decision, the European Court of Justice said that Uber “falls within the field of transport” and therefore “Uber can … be required to obtain the necessary licenses and authorizations under law.”

San Francisco Police Department finds that Uber and Lyft drivers committed 65% of downtown traffic violations

At a hearing, Robert O’Sullivan, Commander of Municipal Transportation for the San Francisco Police Department, reported that Uber and Lyft drivers were cited for the majority of traffic violations in downtown San Francisco. In particular, he reported that on the dozen tags SFPD studied, Uber and Lyft drivers caused 1723 of 2656 violations, or 65%.

The most common violations resulted from using transit-only lanes (authorized for use by buses and taxis but not Uber or Lyft) (1144 violations). The second-most common category was obstructing a bicycle lane (183 violations).

San Francisco Supervisor Aaron Peskin remarked on the seriousness of the situation and added that “We should take this to the state attorney general.”

Stripped of license to operate in London because “not fit and proper”

In September 2017, Transport for London informed Uber that TfL would not renew Uber’s license to operate in London after September 30, 2017. TfL summarized its concern as Uber being “not fit and proper to hold a private hire operator license” based on a series of deficiencies including:

  • Its approach to reporting serious criminal offenses
  • Its approach to how medical certificates are obtained
  • Its approach to how Enhanced Disclosure and Barring Service checks are obtained
  • Its approach to explaining the use of Greyball in London, software that could be used to block regulatory bodies from gaining full access to the app and prevent officials from undertaking regulatory or law enforcement duties

London Mayor Sadiq Khan said the ruling was appropriate because “companies must play by the rules.”

Uber appeared likely to challenge the ruling in court, and could continue operation during litigation.

Criticized by San Francisco City Attorney

After the City of San Francisco requested records about driver safety, disability access, and other operations, via a subpoena, Uber objected and refused to cooperate. San Francisco City Attorney Dennis Herrera summarized Uber’s approach: “Unfortunately, Uber is doing what it always seems to do: raise obstacles and drag its feet— all while continuing to flout the law.”

Fined for operating without permits in Philippines

The Philippines Land Transportation Franchising and Regulatory Board (LTFRB) fined Uber 5 million Philippine pesos (about US$97,000) for letting some drivers operate without permits. Uber and fellow TNC Grab defended their action by citing passenger demand, explaining that if they did not add new drivers, they would be unable to serve passenger requests. But LTFRB Chairman Martin Delgra III pointed out that this purpose did not excuse the companies from complying with applicable laws.

According to the LTFRB, of the 10,054 active drivers that Uber submitted, fewer than 2,000 had active and valid permits.

LTFRB tweet alerting drivers to the obligation to cease operations, and encouraging Uber “to extend financial assistance” to drivers because drivers “would not have suffered the current predicament were it not for the predatory actions of respondent Uber.”

The LTFRB subsequently offered to lift the one-month suspension if Uber paid a penalty of 190 million pesos ($3.7 million). Senator Grace Poe, a Philippines legislator favoring improving transport, said the hefty fine should “make Uber rethink its actions and re-evaluate its strategy in testing the extent of government regulations.”

Ignored Philippines regulator’s order to cease operation

After the Philippines Land Transportation Franchising and Regulatory Board (LTFRB) ordered Uber to cease operations, Uber cited “overwhelming rider and driver demand” in deciding to continue to operate. Uber filed a motion for reconsideration, asking LTFRB to revisit its decision, but the regulator indicated that Uber drivers were still not allowed to pick up passengers while that request was underway. Nonetheless Uber continued service.

Misrepresented its monitoring of employee access to data, steps taken to secure data

In a press release, the FTC summarized its privacy-related complaint against Uber.

For example, Uber told the public that the company “has a strict policy prohibiting all employees at every level from accessing a rider or driver’s data. The only exception to this policy is for a limited set of legitimate business purposes.” Uber claimed access was “closely monitored and audited by data security specialists on an ongoing basis.” Uber made strong claims in its privacy policy, such as “We use the most up to date technology and services” to protect customer data, and “we’re extra vigilant in protecting” customer data via “the highest security standards available.”

In contrast, the FTC found that Uber “has not always closely monitored and audited its employees’ access to Rider and Driver accounts” in that the security system “was not designed or staffed … effectively.” The FTC continued: “In approximately August 2015, Respondent ceased using the automated system it had developed in December 2014 and began to develop a new automated monitoring system. From approximately August 2015 until May 2016, Respondent did not timely follow up on automated alerts concerning the potential misuse of consumer personal information, and for approximately the first six months of this period, Respondent only monitored access to account information belonging to a set of internal high-profile users, such as Uber executives.”

The FTC also criticized Uber for letting engineers use shared access keys with full administrative privileges to all data in Uber’s Amazon Web Services database, rather than requiring that each program and each engineer use a separate key. Uber further failed to restrict access based on employees’ job functions, and failed to require multi-factor authentication to access data. Until March 2015, Uber stored sensitive personal information in AWS in clear text without encryption.