Uber’s food delivery drivers are now required to take photos of driver’s licenses or other IDs of the people who order alcohol. According to Uber Eats, the pictures will not be retained, but the new requirement is bringing with it a number of privacy concerns.
Uber Eats advised customers ordering alcohol that delivery partners will need to take a photo of their ID before each delivery in order to verify their age. This only applies to Victoria, Australia, as the company doesn’t deliver alcohol in other states or territories yet.
Valid IDs include a driver’s license, proof of age card, passport, Keypass card, or learner’s permit. The alert customers received, however, did not provide any information on how the photos would be used or whether the data would be held securely and deleted when no longer required.
It’s also unclear how the app will account for variations in the location of the information on the IDs when recording only that portion of the photo. Prior to this requirement, Uber delivery drivers and riders were required to enter their date-of-birth information manually into the app.
In response to the privacy concerns regarding this change, an Uber spokesperson released the following statement: “Using this technology, the only data that is retained from the ID photo is the customer’s date of birth and expiry date of the document, both of which are encrypted, as per Uber’s privacy and information security program. The photo itself will be deleted from Uber’s systems once the encrypted information is extracted. No other personal information is gathered, only what is required to ensure the customer is of legal drinking age.”
Users will be alerted to the new policy via a billboard at the top of the app. In the event a person does not have an ID at the time of delivery, they will be given a refund. The driver will still be paid for returning the alcohol.
While this policy is only being implemented in Victoria, it’s the federal information commissioner who is responsible for ensuring the data collection complies with Australian privacy law. According to the commissioner, Sven Bluemmel, the best practice would be for businesses to collect as little information as possible. This is because the more that’s collected, the higher the risk for inappropriate disclosure of personal information.
To learn more about the latest news regarding rideshare companies, click here to visit the Rideshare Law Group blog.