It's hard to think back to a time before Uber was making headlines in one way or another. This week, for example, the company is mailing out checks to drivers as the result of a Federal Trade Commission settlement that it exaggerated earning potential in advertisements. But today the company is announcing some news that may be better received: After nearly a decade in business, it has hired its first chief privacy officer.
Ruby Zefo CIPP/US, CIPM, FIP, will serve as CPO starting next month. In addition, as mandated under the EU's General Data Protection Regulation, the company has hired Simon Hania to serve as its data protection officer.
Zefo comes to Uber via Intel, where she served as its chief privacy and security counsel. (Full disclosure, she's also a member of the IAPP's board of directors.) Melanie Ensign, Uber's privacy and security communications lead, said Zefo's new position, which will be based in San Francisco, "fills a critical global role responsible for the development and implementation of privacy standards, procedures and processes in every market where we operate."
Hania will be based in Amsterdam and, as mandated by law, will independently oversee Uber's compliance with EU data protection laws. To date, Uber has been using an outside firm based in the Netherlands that is registered as its interim DPO. Hania was previously vice president of privacy and security at Dutch navigation company TomTom. There, he was focused on connected and autonomous vehicles, and wearable technologies.
Both Zefo and Hania will report to Uber's chief legal officer, Tony West, who was brought on board in November 2017. West told The Privacy Advisor he anticipates Hania being a "strong, independent advocate for Uber users as data protection officer in the EU," based on his reputation for "both technical expertise and objectivity." He added that his previous experience "as well as his deep knowledge of European privacy law will service our users well." He said Zefo was hired for her strong leadership "in building privacy programs, teams and governance frameworks at a global scale," and added that her extensive expertise "creates an important opportunity for Uber to expand and strengthen privacy protection for users around the world."
The appointment of Zefo, specifically, marks a departure in the company's approach to privacy under its old leadership: In June 2017, former CEO Travis Kalanick resigned amid a number of PR nightmares, a 2014 data breach and a subsequent settlement with the Federal Trade Commission among the snafus preceding his departure.
In an interview with The Privacy Advisor in August 2017, product manager Zach Singleton described the company's privacy model at the time: Privacy was a shared responsibility across teams versus concentrated within a centralized office. Singleton said the model was "working" for the company. "It's effective for us," he said. Ensign added at the time, "Regardless of if we ever have a CPO at Uber, there are people on the hook ... There are executives on the hook at the c-suite level, then entire teams where all our objectives and key results are based on this." But Singleton did add that when a new CEO was on-boarded, that model would likely be reevaluated.
Current CEO Dara Khosrowshahi has been running the company for a year as of next month. When he came on board, Ensign said, he agreed with West that the company had grown its privacy function to such an extent that the natural progression was to bring in experienced leadership at the global level. Zefo will be responsible for developing Uber's global policy policies and governance frameworks.
"Not every company has a CPO, so having an executive team that understands the importance of this role is a really exciting milestone for our privacy teams at Uber as well as our users," Ensign said. "Over the past few years, we've had pockets of privacy professionals working in our engineering security, legal, product, and policy organizations; and having someone with [Zefo's] experience now joining to spearhead a truly global program is a good indication of how the company plans to prioritize privacy moving forward."
It's not yet clear what Zefo will immediately prioritize, Ensign said. She'll first take stock of existing programs and then decide where to focus. It is clear, however, that she'll build a new team that will work in collaboration with the company's existing privacy engineering, legal and policy teams.
Asked whether hiring Zefo aims to make good with users the company's prior privacy missteps, Ensign said, "[Zefo's] remit is global and intended to make it easier for Uber to be proactive about privacy around the world with a unified vision and framework."
If you want to comment on this post, you need to login.