Under the Hood of Uber’s New Privacy Settings

Zach Singleton
Uber Privacy & Security
4 min read · May 10, 2017

Zach Singleton, Product Manager, Privacy Engineering

Earlier this month, we announced new privacy settings in the Uber app to give riders more choice and control over how they use Uber. The initial lineup includes easy-to-find controls for location access, promotional notifications, account deletion, and location requests. While users may only see UI changes, how we developed the platform underneath is just as important to the experience.

Building User Controls

We know we’re not the only company working to build privacy into the DNA of our products, but as an industry, we can do a better job of sharing our experiences to help each other. Our team members built similar platforms for some of the largest technology companies in the world before joining Uber, so we’re sharing our playbook to initiate a greater focus on sharing insights and ideas with the community.

  1. Know Your Goal — Clarify what you’re trying to achieve before investing engineering resources. For us, it was (1) unified privacy settings in the product, and (2) standardized and scalable supporting platforms so teams working on new features and services can easily onboard.
  2. Take Inventory — Embrace opportunities to refine, remove, or build systems based on your technical and business needs. We identified several back-end and new internal API projects to hit our reliability and reusability goals. We also operate in multiple regulatory environments and make public promises to our users in our privacy policy. Consulting with our legal and policy colleagues as primary stakeholders early on allows us to build with high quality against technical, legal, and policy requirements.
  3. Identify Moving Targets — Developing new settings doesn’t happen in isolation. You need to be aware of where your code will land compared to where the company and other teams are going. Uber migrated to Swift 3 during an early iOS development stage for our new privacy settings. This meant all the code written on our local branch had to be manually updated for the new language — a time-consuming process. We had to keep an eye out for future changes from other teams to minimize unplanned work.
  4. Give Users Control — It’s a disservice to your users to launch opaque privacy settings. View each technical and UX element through the lens of clarity and empowerment. Strive to present clear and distinct copy tailored for each OS and each user’s perspective. We considered the context for each control and feature to aid riders with their use. For example, we preview each section on the privacy settings home screen with simple and understandable sub-text. We also built checks and syncs to inform users about settings that need changes in their OS or OS changes that impact their in-app settings.

Location settings in the Uber app guide riders to the appropriate OS controls.

Data Deletion at Scale

At most companies, user data lives in a storage ecosystem that includes components designed for different purposes, like long term storage or low latency. At Uber, we use Schemaless, Cassandra, Riak, Hadoop, and a number of service-oriented databases to support multiple teams and serve multiple needs, from analytics to product development and customer support.

While this strategy is also beneficial for security and privacy, it makes data deletion complex and intensive. Deleting data at scale means:

  • Maintaining a systematic, automated source of truth for written policy
  • Ingesting requests from a number of sources
  • Maintaining retention and deletion schedules
  • Managing core deletion flows with a large number of ever-changing services, each of which needs to be onboarded as they come into existence
  • Tracking, tracing, testing, and validating successful deletion
  • Halting, holding, or revoking deletion if a rider changes their mind and wants to reactivate their account within the 30 day window, or if there is an unresolved payment issue or legal hold on their account

Over the course of many months, our engineers built a new data deletion stack to meet those needs and unify technical execution across Uber storage.

Centralized registration, testing, scheduling, and execution enable consistent data deletion across a complex service and storage ecosystem.

Orchestrating data deletion through a single platform enables us to scale and support new product features and meet user expectations and legal and regulatory guidelines.

More to Come

We built these features and platforms to help riders better manage the information they share with Uber. The time we spent ensuring the technical foundation was ready will allow us to iterate and expand with more features in the future. Since our initial announcement, even more product teams are proactively sending us ideas for new privacy settings — a promising sign for our team as we continue to drive privacy considerations deeper into Uber’s product development process.

We’re already planning our next release and look forward to exchanging more experiences and lessons with the broader community as we go. Stay tuned.
