DRF Highlits Pakistan Ride-Sharing Apps and Privacy Concernes Regard to Online Spaces

Digital Rights Foundation (DRF) in its latest report said that Article 14 of the Pakistan constitution upholds the right to privacy, Pakistan currently doesn’t have a personal data protection law in place and more needs to be done to improve the Bill put forth by the Ministry of Information Technology.

“There are inadequate safeguards in place to hold private enterprises accountable for data breaches and violations of privacy in Pakistan.”

DRF in its report said, “Findings in this study – after review of the privacy policies of both companies, a literature review of scholarship in this area, an interview with the Careem legal team, a consumer survey of approximately 348 participants, and a focus group with 8 drivers or ‘partners’ indicate that the companies behind these services are lacking in their protection and ethical use of personal data, in their provision of safe workplaces for drivers and safe services for users, especially women.”

Digital Rights Foundation (DRF) is an advocacy and research-oriented organization working on issues of online freedom of expression, digital privacy, accessibility and online violence

DRF report said, “Careem entered the Pakistani market in late 2015, and Uber entered shortly thereafter in mid-2016. Since then, the use of ride-share applications has been on the rise in Pakistan. With many seeing such applications as necessary substitutes for an otherwise unreliable and sometimes inaccessible public transport system, this convenience also exposes its users to new vulnerabilities.”


The research methodology for this report is based on both quantitative and qualitative research as well as primary and secondary data. Access to primary data was limited given the reasons explained below.

According to an interview with Bloomberg, however, Uber’s net revenue as of April 2017 was US $6.5 billion, with (adjusted) net losses of US $ 2.8 billion7 .

Uber and Careem’s official position is that the drivers working for them are not employees but partners, or contractors. This takes away the drivers right to claim overtime charges and other perks that companies provide their employees. This can also exclude them from the benefit of any internal complaint procedure against for instance, sexual harassment at the workplace.

According to their privacy policies, they (Uber and Careem) are liable to share the customer information on a case-to-case basis in countries where the law binds them. Uber’s privacy policy40 states DRF said.


DRF gave three recommendations to government that personal data protection legislation must be enacted, which provides regulation for rideshare applications and their approach to data protection of users.

In order to maintain car quality and provide a secondary check on driver credentials outside of Uber and Careem’s own framework, the government should grant licenses to drivers who wish to work as a partner, and for cars of a certain quality to be used for rideshare purposes.

The procedure must be quick and cost-effective so as not to hamper the ability of drivers to gain livelihood. The government should require Careem and Uber to conduct regular security audits, the reports of which must be made publically available.

Recommendations to Careem and Uber:

Both Uber and Careem should regularly train and retrain all its employees in gender sensitivity, customer dealing etc. Both Uber and Careem must have local call centers, physical complaint offices, and online complaint mechanisms which operate in all regional languages and are accessible to the differently abled.

Both Uber and Careem should provide an update on the action taken / not taken with reasoning to every complainant within a reasonable time of making a complaint. Both Uber and Careem should take strict action in case of complaints of harassment, especially if it is targeted towards a minority.

Uber should have a unified standard for car quality that is assessed by a third party before a car is allowed for use and these checks should be repeated periodically. Both Uber and Careem should run specific campaigns in each city of operation to encourage women to sign up as drivers to improve the gender divide in the partners.

In the event of a security breach, both Uber and Careem must inform the entities whose data security has been compromised at the earliest possibility, and the companies must be held accountable for the same.

Both Uber and Careem must develop a framework for informed consent to be obtained from drivers and customers for data collection, use and sharing. Data sought should be restricted to necessary data and should not be shared with third parties without specific and separate consent unless absolutely necessary.

Both Uber and Careem must develop detailed and comprehensive privacy policies specific to Pakistan as well as workplace harassment policies that create safer workplaces for divers.

These policies should be available publicly and within the application as well (both in English, Urdu, and regional languages in its areas of operation). In case of privacy policies being updated, the user should be informed within the app and through email.

Similar Articles



Please enter your comment!
Please enter your name here


Most Popular