Skip navigation

Uber Privacy Act Breaches

Mr BARTON (Eastern Metropolitan) (18:12): (1425) My adjournment tonight is for Minister Carroll, the Minister for Public Transport. On 23 July this year the Australian Information Commissioner and Privacy Commissioner determined that Uber interfered with the privacy of an estimated 1.2 million Australians. It was found that Uber companies failed to appropriately protect the personal data of Australian customers and drivers, which was accessed in a cyber attack in October and November 2016. Uber breached the Privacy Act 1988 by not taking reasonable steps to protect Australians’ personal information from unauthorised access. They also failed to take reasonable steps to comply with the Australian Privacy Principles. Now, what makes this worse is that Uber chose to pay the attackers a reward through a bug bounty program. They did not conduct a full assessment of the personal information that may have been accessed, nor did they publicly disclose the breach until over a year later.

Uber has tried to argue that it is not subject to Australia’s Privacy Act, as Australians’ personal information is being indirectly transferred to overseas-based companies and their services. How could this be? Uber is attempting to circumvent our laws and regulations that protect the public and their right to privacy. We are letting Uber take our personal information overseas, only to have it stolen, with no breach of personal information publicly declared for over one year. When our personal information is not protected, we are vulnerable to exploitation and at risk of serious harm. Who is to hold Uber accountable for their management of our personal information when the regulator themselves could be engaging in data overreach?

Earlier this year Uber was approved by Commercial Passenger Vehicles Victoria to take part in the multipurpose taxi program. This is a government scheme which subsidises commercial passenger vehicle fares for people with accessibility or mobility needs, and as an authorised booking service provider within the multipurpose taxi program, Uber collects and stores information about MPTP members, the trips they have undertaken and their credit card details.

Given Uber sends and stores its data outside of Victoria and Australia, I am concerned that this may contravene government data standards. This is a government program, and it must adhere to the state and federal laws for data standards. Therefore the action I seek is for the minister to investigate that the personal details of those vulnerable multipurpose taxi program users are collected and protected in keeping with state and federal laws for data standards which the government program must adhere to.


See speech here.

Continue Reading

Read More

Showing 1 reaction

  • Emma Louise Gardner
    published this page in Latest News 2021-08-08 09:41:58 +1000