Uber Technologies Inc.

UBER 17.81%

sued the Los Angeles Department of Transportation on Tuesday, escalating a monthslong disagreement over the city’s data-collection efforts.

Uber has been sparring with the city’s transportation authority over a rule that requires that it share real-time location data for its dockless scooters.

City officials have said they need this data to better manage traffic on public streets and reduce safety hazards caused by abandoned scooters and bikes. The information they collect is treated as classified, they say, and stripped of personally identifying information. A spokeswoman for the agency declined to comment on the lawsuit, saying “it is not business as usual for the city” as it wrestles with the coronavirus pandemic. She said Uber recently began complying with the rules that it was challenging.

Earlier this month, Uber began sharing real-time location data with Los Angeles to avoid pulling its Jump scooters from the city. Previously, it shared data with a 24-hour lag.

But the company argues that the collection of real-time data could give governments a precise window into the daily lives of its residents, even if the information is scrubbed of names and other directly identifiable information.

Uber says the information could be used by government agencies—or breached by malicious hackers—to target specific groups or communities, stalk individuals or commit fraud.

A legal battle could set the stage for how cities strike a balance in policing the companies that use their streets while safeguarding people’s privacy.

Uber alleges that the city’s real-time data sharing requirement violates state and federal law, including the Fourth Amendment of the U.S. Constitution, according to the lawsuit filed in federal court in Los Angeles. The Fourth Amendment protects citizens from unlawful search and seizure of private property.

Uber asks in the suit that the Transportation Department pay attorney fees and other costs associated with the trial. It also asked “for any other relief that the court deems just and proper.”

Other U.S. cities are closely watching what happens in Los Angeles. Many use the same software—developed by the city’s Transportation Department in 2018—to track mobility providers on their streets.

“When you’re talking about real-time data location sharing, you’re essentially talking about surveillance,” Uber’s chief privacy officer, Ruby Zefo, said in an interview earlier this year. Los Angeles hasn’t told the company what it plans to do with the data, who it plans to share it with or how it plans to safeguard it, she said.

“We’d be willing to participate to standardize these things,” Ms. Zefo said, but right now “there is no standardized way of doing it.”


Lyft Inc.

shares real-time scooter data with Los Angeles, but a spokesman said the company has expressed “continued concerns about the privacy risks of collecting” it. In a letter addressed to the city’s transportation agency last year, and reviewed by The Wall Street Journal, Lyft said underserved individuals are more likely to hail bikes and scooters than private taxis. They are also more likely to have run-ins with law, the company said, raising questions about whether real-time location sharing “could become a surveillance tool for law enforcement.”

Worries that government agencies could use big data to spy on people aren’t without precedent. The Journal reported last month that the Department of Homeland Security bought access to a commercial database that maps the movements of millions of cellphones in America and uses it to track people suspected of entering the U.S. unlawfully.

The location data was drawn from ordinary cellphone apps, including those for games, weather and e-commerce, for which the user had granted permission to log the phone’s location.

Dockless scooters are relatively low-tech devices that are vulnerable to attack, according to researchers. Last month, researchers from security company Imperva Inc. said they were able to reverse-engineer connections between scooters and company servers to track the location of individual vehicles in Tel Aviv.

Murtuza Jadliwala, an assistant professor at the University of Texas at San Antonio, published a paper earlier this year outlining how a hacker could break into location systems, steal payment details and even launch physical attacks by compromising the Bluetooth connection between a rider’s smartphone and the vehicle.

Such information is sensitive, but Mr. Jadliwala said that mobility providers already collect it. “I think from that aspect, the thing that we need to worry more about is how are the service providers using that? Because they are the ones that have hordes of passenger or rider data,” he said.

Uber’s Ms. Zefo says the company collects “location data to manage our assets. We’re not out to do anything more than that.” The private sector has “all kinds of legal requirements” that don’t apply to governments, she said.

City officials believe that Uber’s primary concern isn’t user privacy. They say the company is using the argument to circumvent regulation and resist sharing information about its operations.

“That fear of data collection as the slippery slope towards full government regulation is very much in the DNA of these companies,’’ Seleta Reynolds, general manager of the Los Angeles Department of Transportation, said in a recent interview. “It’s because of the history of how they launched and grew up.”

Uber has come under scrutiny over user privacy. In 2017, it settled accusations from the Federal Trade Commission that it failed to properly monitor use of a program called “God view” that allowed staff to view user trips in real time. Another software, “Greyball,” was designed to identify law-enforcement officials and competitors attempting to disrupt operations.

“That’s not the company we are now,” Ms. Zefo said. Uber hired Ms. Zefo in 2018 as its first chief privacy officer.

Write to Preetika Rana at preetika.rana@wsj.com and James Rundle at james.rundle@wsj.com

Copyright ©2019 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8

Read More