Uber Privacy

Previous post:

...receiving the best possible treatment

Next post:

...sharing misleading information

Back to the home page

...being fired for whistleblowing

It’s been a scandalous year for Uber. But, just as the ride-hailing app thought that it was out of the firing line, it has once again made headlines – this time over claims of allegedly firing an employee for whistleblower retaliation and age discrimination.

Our Joy Drummond, Partner in Employment Law, explains what employees in the UK would need to be able to prove to bring a similar case of whistleblowing.

Being fired for exposing the truth – Ward Spangenberg’s case in the Court of California

Ward Spangenberg – a former forensics investigator for Uber – is suing Uber for ending his employment after he exposed the company’s worrying ‘lack of security’ in relation to its customer data.

His lawsuit claims that Uber told him that he was fired for being in violation of a code of conduct and for deleting everything he had on his laptop. Ward, however, claims that he had to delete everything and start rebuilding his laptop as it crashed and that this was common practice.

In May of this year Ward made a court declaration stating that he reported to Uber certain security issues relating to the protection of employee and customer data.

This information from his court claim about a lack of security has been recently publicised.

Ward started working for Uber in March 2015, where he helped to develop security procedures, and was fired 11 months later.

He told Reveal News that he often objected to the “reckless and illegal” practices adopted by Uber, such as Uber deleting files that it was obliged to keep by law.

In his court declaration Ward said:

“I also reported that Uber’s lack of security, and allowing all employees to access this information (as opposed to a small security team) was resulting in a violation of governmental regulations regarding data protection and consumer privacy rights.”

In response Uber said:

“We have hundreds of security and privacy experts working around the clock to protect our data.”

“This includes enforcing strict policies and technical controls to limit access to user data to authorized employees solely for the purposes of their job responsibilities.”

But, according to security sources, Uber’s policy is based on the ‘honour’ system and that all employees had to do was agree not to abuse their access.

In his court declaration Ward also said:

“Uber’s lack of security regarding its customer data was resulting in Uber employees being able to track high profile politicians, celebrities, and even personal acquaintances of Uber employees, including ex-boyfriends/girlfriends, and ex-spouses.”

Uber refuted these claims, stating that it has strict policies that don’t permit employees to access information about their users. But, Reveal News claimed that thousands of employees in the company were able to access information about their customer’s travel history.

Uber Sends Email to All Staff Reminding them of their Privacy Obligations

In response to the recent publicity Uber’s top security executive sent a company-wide email to staff last Monday reminding them of their obligations when it comes to privacy.

In that email Uber said:

“It’s absolutely untrue that all (or nearly all) employees have access to customer data, with or without prior approval. This is more than simply the “honor system”: we have built entire systems to implement technical and administrative controls that limit access to customer data to those employees who require it to perform their jobs. This could include multiple steps of approval – by managers and the legal team – to ensure there is a legitimate business case for providing access.”

Joy comments:

“Mr Spangenberg claims that Uber’s treatment of him was because he told Uber executives about his concerns around the lack of security around customer data.”

“Those wishing to bring a similar case under UK law would need to show:

  1. that they are a ‘worker’ under the wide definition, which includes employees, apprentices, agency workers, homeworkers, those who work freelance, and trainees;

  2. the details of the factual information (not opinion) disclosed to the employer (or former employer) and to whom and how and when it was made;

  3. that they reasonably believed that the facts they told their (former) employer about tend to show a criminal offence, breach of a legal obligation, miscarriage of justice, health and safety danger, environmental damage, or concealment of any of these and that them revealing the information is in the public interest rather than in their own interests;

  4. that they told the right person/used the right procedure; and

  5. exactly what detriment was caused to them by their (former) employer and how they say this was done because they disclosed the information to the employer (rather than for any other reason).”

Written by Joy Drummond.

For more information on employment law and the services offered by Simpson Millar, please call:

0808 129 3304

Previous post:

...receiving the best possible treatment

Next post:

...sharing misleading information