The California Public Utility Commission has slapped Uber with a $59 million fine for refusing to hand over detailed records on more than 1,200 alleged sexual assaults involving Uber drivers in California between 2017 and 2019.
"The CPUC has been insistent in its demands that we release the full names and contact information of sexual assault survivors without their consent," Uber said in a statement on Monday. "We opposed this shocking violation of privacy, alongside many victims’ rights advocates."
Uber disclosed the existence of thousands of sexual assaults nationwide in its 2019 safety report. Afterward, the CPUC demanded detailed information about cases that occurred in California—including the time and place where assaults happened and names and contact information of witnesses. The CPUC order doesn't specifically ask for the names of victims. However, in many cases the victim would be the only witness, so CPUC was essentially seeking to unmask hundreds of sexual assault victims.
Uber objected, noting that most of the victims had not consented to have their identities or stories shared with third parties. Even if the records were kept confidential, Uber argued, a CPUC investigation of these cases could force victims to revisit one of the most traumatic moments in their lives.
In a revised order, the CPUC allowed Uber to submit the information under seal to ensure that the data did not become public. But beyond that, the CPUC refused to budge, issuing a second order in January demanding that Uber turn over the data.
“Retraumatization of Victims”
Victims' rights groups like the Rape Abuse Incest National Network (RAINN) rallied to Uber's defense. "RAINN is exceedingly concerned that the Commission's ruling" directs Uber to "share a list of victim names, contact information, and additional incident details with the Commission, without the consent of the victims," the group wrote in an August filing with the CPUC.
"The vast majority of sexual assault victims choose not to report to police," RAINN added. "Surely, they never envisioned that a state regulatory commission would require disclosure of information that they, themselves, have explicitly decided to not share with the state."
RAINN argued that enforcement of the CPUC's demands would "nullify each victim's right to decide when, and to whom, to disclose their assault" and would "risk re-traumatization of victims."
But the CPUC seemed unmoved by these arguments, whether they came from Uber or from groups like RAINN. In a ruling on Monday, the agency held that "this decision does not require the public disclosure of such information that could potentially traumatize the victims a second time." Instead, the agency reasoned, the rules "require only that the information regarding sexual assaults and sexual harassment be submitted to the Commission under seal."
The CPUC concluded that Uber had "refused, without any legitimate legal or factual grounds, to comply" with the data request. The agency held that Uber's actions were particularly severe because they had "harmed the regulatory process."
In setting a fine, the CPUC is supposed to consider whether a party's actions were in the public interest. But in Uber's case, the agency concluded that "there are no facts to mitigate the degree of Uber's wrongdoing." So the CPUC slapped Uber with a harsh $59 million penalty.
“Transparency Should Be Encouraged”
Ironically, after hitting Uber with a massive fine for refusing to name sexual assault victims, the ruling allows Uber to submit its data in anonymized form.
"Uber shall work with the Commission's staff to develop a code or numbering system as a substitute for the actual names and other personally identifiable information" of victims and witnesses to assault cases, the ruling said.
Uber seems to be the only taxi or ride-hailing service that has faced these kinds of questions from the CPUC. The company's decision to publish statistics about sexual assault and other crimes against its passengers set a new standard for transparency, but the report seems to have attracted extra scrutiny from California regulators.
"These punitive and confusing actions will do nothing to improve public safety and will only create a chilling effect as other companies consider releasing their own reports," Uber said in its statement. "Transparency should be encouraged, not punished."
This story originally appeared on Ars Technica.