Last month, Uber updated its location tracking policies asking users to allow the app to continue following them for five minutes after their ride ends. Unsurprisingly, the change was met with some concern from users and privacy advocates. Now, lawmakers are jumping into the fray, urging Uber to upgrade its privacy policy to ensure that sensitive customer data is properly protected. 

Sen. Al Franken (MN) wrote an open letter to Uber CEO Travis Kalanick asking the man in charge to provide customers with direct control over their personal data and easy access to a clear and comprehensive rundown of how and when their data is being used.

For those unfamiliar with the recent change, here’s a bit of background: The ridesharing company updated the way it tracks users. To do this, Uber asked customers to allow it to “access your location even when you are not using the app.”

According to the pop-up, clicking “allow” would allow Uber to collect passenger location data from the time the trip is requested through five minutes after the trip ends — including when the app is in the background.

“We do this to improve pickups, drop-offs, customer service, and to enhance safety,” the company says in the pop-up, noting that users can turn off location data any time through their device’s settings area.

Currently, if a user doesn’t want to allow the additional tracking when the app is not in use they must simply disable location services. By doing this, users have to manually enter their location to summon a ride.

While Franken notes that Uber’s new policy appears to be well-intentioned, he believes customers deserve a meaningful opportunity to decide for themselves the fate of their personal data.

“At the very least, consumers have a right to clear and comprehensive information about what data are being collected about them, how the data are being treated, and with whom the data are being shared,” Franken wrote. “To achieve this necessary transparency, I urge you to amend Uber’s privacy statement to reflect the company’s public assurances and justifications related to the most recent app update.”

To achieve this, Franken urges Uber to consider implementing in-app options that are distinct from operating system-level permissions, including when and how data is shared.

“Better controls could not only protect users’ privacy, but encourage more engagement with Uber’s services,” Franken wrote.

In lieu of actually providing customers with the ability to control when and how they are tracked and how that information is used, Franken recommended specific changes to the company’s privacy statement including:

• Collection of Location Information — Uber should update its “Information We Collect Through Your Use of Our Services” section to explicitly state that Uber collects precise location information only when users are interacting with the app, when a user is on a trip, and for up to five minutes after a driver has ended a trip.

• Use of Location Information — The company’s “Use of Information” should be updated to reflect that post-trip location data is used only for the stated justifications for the app update, including to improve pick-ups and drop-offs, enhance safety, and prevent fraud.

• Guide to Trip Related Location Data — Uber’s privacy statement should include information on how to disable location tracking, or provide a link to the page to ensure users have an easily accessible and comprehensive understanding of Uber’s collection, treatment, and sharing of their location data.

• User Notification — To ensure users provide their meaningful consent to any such changes, including those that are recommended here, Uber should notify users through the app and through email.

This isn’t the first time Franken, ranking Member of the Judiciary Subcommittee on Privacy, Technology, and the Law, has taken issue with companies’ collection and use of customer data.

In July, at the peak of the Pokemon Go craze, Franken sent a letter Niantic CEO John Hanke raising concerns about the extent in which the company may have been unnecessarily collecting, using, and sharing a wide range of users’ personal information without their appropriate consent.

Before that, in April, he asked similar questions when Oculus Rift was released.

Last year, he took Apple to task, calling for a federal investigation into the possibility that the tech giant may be creating an anticompetitive environment in the streaming music market.

Want more consumer news? Visit our parent organization, Consumer Reports, for the latest on scams, recalls, and other consumer issues.