California Failed to Consistently Track Ride-Hailing Assault and Harassment Complaints

Regulator demands clarification from Uber and Lyft on years of confidential safety reports

Ride-hailing car in San Francisco.

Yesica Prado/San Francisco Public Press

Since California legalized ride-hailing in 2013, hundreds of passengers have filed lawsuits alleging driver misconduct. Uber and Lyft say safety problems are rare.

The agency responsible for regulating the ride-hailing industry in California has failed to collect consistent data on claims of assaults, threats and harassment on Uber and Lyft rides, a San Francisco Public Press investigation found.

The California Public Utilities Commission is required to collect the information from the firms annually to fulfill its mission of ensuring that their rides are safe. But previously confidential filings and recent interviews show that the agency has permitted the companies to use very different interpretations of the reporting requirements, raising questions about the data’s reliability.

The commission received the 2020 safety reports more than a year ago. But it was not until Sept. 22 — two days after the agency released them to the Public Press and the first time it has made them public — that it sent letters to Uber and Lyft ordering the firms to provide “all definitions” of assaults and other misconduct used in their submissions for the last five years.

Terrie Prosper, the commission’s director of news and outreach, did not respond to specific questions about the data discrepancies or the letters, but in an email she acknowledged the issue.

“In the annual report information provided to you, each TNC defines that data they have provided to the CPUC,” she said, referring to ride-hailing firms, known also as transportation network companies. “The CPUC is aware of this definition issue and may consider it as the CPUC addresses the reports.”

Rebecca Ruff, an attorney with the agency’s legal department, said in an Oct. 19 letter that it was withholding records on the queries to Lyft and Uber because they were confidential “investigation records.”

Ride Hailing's Dark Data

The commission is California’s primary regulator of ride-hailing firms and the state’s only agency that collects comprehensive safety data on the industry.

In its report on drivers suspended or deactivated for allegations of assaults, threats and harassment on its rides, Lyft entered 18,178 records — nearly 12 times the number that its much larger rival Uber did — during the same one-year period, their reports to the commission show.

When asked about the disparity between its report and Uber’s, a Lyft representative insisted that the company’s report to the agency was accurate, but said it was not a tally of the actual number of drivers it suspended or deactivated for those offenses.

“It’s impossible to use these reports to draw accurate comparisons between Uber and Lyft,” Ashley Adams, a senior communications manager with Lyft, said in an email. “Instead, what this data reveals is two companies making very different choices about definitions and how they categorize and share data about incidents.”

In an interview, Adams called the commission’s definitions of assault “incredibly broad and imprecise” and open to widely varying interpretations by the companies.

Andrew Hasbun, head of safety communications at Uber, responded, “We aren’t able to speak to Lyft’s process or safety standard so there isn’t much we can say on some of the differences.” 

Uber, he said in the email, reported the actual number of drivers suspended or deactivated as a result of the alleged incidents.

In a subsequent email he added that “any characterization that Uber under-reported is simply not accurate.”

[Update 10/22/2021: The companies’ required reports to the commission are separate from the safety publications each has issued. Lyft on Oct. 21 released its long-awaited “Community Safety Report,” saying it had received reports of 4,158 sexual assaults on its platform in 2017, 2018 and 2019. Like the one Uber released in 2019, Lyft’s does not disclose the number of assaults by state. Neither report contains as much detail about the assaults or requires an attestation to their accuracy by a corporate official under penalty of perjury, as the mandatory California reports do.]

Firms say rides are safe

Both firms told the commission they investigated all the allegations in their mandatory 2020 reports, determined most were unfounded and permanently deactivated a much smaller number of drivers.

The firms told the Public Press that 99.9% of their rides ended without any safety issue, and that the well-being of riders and drivers was a top priority. They said they had added many safety features to their apps. Uber, for example, has “share status” that lets riders share their location with friends or family. Lyft has a similar option.

But the discrepancies between the reports that Uber and Lyft submitted to the commission raise troubling questions not only about the actual number of alleged assaults, threats and harassment incidents on their rides, but also about whether the agency’s collection of inconsistently reported safety data has undermined its job of protecting public safety.

California regulatory agencies are only as good as the thoroughness and transparency of their work.” — Loretta Lynch, former commission president

Assaults on Uber and Lyft rides — even if they happen on a tiny fraction of overall trips — have been a national concern since the industry began. Hundreds of civil lawsuits accusing the firms and their drivers of sexual assault and negligence have been filed across the country. In some cases, drivers have been criminally prosecuted.

Loretta Lynch, who was president of the commission from 2000 to 2002, said in an interview that the agency needs uniformly reported company information to fulfill its safety mission, but it appeared from the timing of the letters to the firms that agency staff had been unaware of the data discrepancies until a reporter obtained the annual reports. “Reports get filed,” she said, “but who is reading them?”

Richard Clark, who served as the commission’s director of consumer protection and safety from 2000 to 2012, and then as one of its administrative law judges until 2014, said in an interview, “In terms of importance to the public safety, you can’t really know what’s going on out there on the street until you have consistent and accurate data across the industry.”

Prosper, the commission’s spokesperson, did not respond to an email asking whether the inconsistently reported information hindered the agency’s ability to ensure ride safety. 

A question of interpretation

The data discrepancy appears to stem from stark differences in the firms’ definitions of those offenses and in their methods for reporting to the agency, according to records and interviews.

It also appears to result from the commission’s sweeping and sometimes vague descriptions of assaults, threats and harassment, which jumble together a range of acts from physical and sexual assault, to homophobic, racist and sexist comments, to generally making a passenger “uncomfortable.”

Since the commission became the first agency in the nation to legalize ride-hailing in 2013, Uber and Lyft have boomed. The two rivals dominate ride-hailing in California, accepting a combined total of 277,250,720 rides in the one year covered by the reports. Lyft accepted 110,786,422 of those rides, or 40 percent, while Uber accepted 166,464,298, or 60 percent.

From the start, the agency has required the firms to file annual safety reports. But until now it has withheld them under an extraordinary grant of secrecy that frustrated local officials who said they needed the data for traffic planning and safety.

The 2020 reports were released to the Public Press after an eight-month effort under the California Public Records Act. The agency redacted them to protect privacy and proprietary company information.

Uber’s report

The two companies say they report the data differently. While Uber says it reports the number of individual drivers, Lyft says it reports all the records it has that in any way concern a case.

According to the newly released data, Uber said it suspended or deactivated a total of 1,573 drivers for allegations of assaults, threats or harassment.

Of these, the firm said it “waitlisted,” or temporarily suspended, 1,200 drivers, and permanently deactivated 373. Uber said it also suspended 58 passengers. The firm noted that a temporary suspension does not mean an allegation was substantiated.

Uber spokesman Hasbun said in emails that the company’s submissions to the commission were “based on reporting requirements and ongoing discussions with the CPUC.”

He added that “we included, as outlined by the CPUC, the number of TNC drivers suspended or deactivated for assaulting, threatening, or harassing a passenger or any member of the public while providing TNC services.”

However, Hasbun noted that the company’s policy is to not automatically suspend all drivers accused of a safety problem. He pointed to an Uber report that says the firm may temporarily suspend a driver from its platform pending an investigation for a serious complaint, but “the vast majority of safety incidents reported to Uber involve less severe or infrequent behaviors that may not warrant immediate removal.”

Hasbun added in an email, “Overall, any safety issue is exceptionally rare.”




Lyft’s report 

By contrast, Lyft told the commission that in the 18,178 entries concerning alleged incidents it listed in its annual report, the company provided a “warning and/or education” in 17,299, suspensions in 582 and permanent deactivations in 297.

Adams said in the interview that the firm had a lower number of alleged incidents than it might seem based on the number of entries in its report to the commission, but she declined to say how many individual incidents, suspensions and deactivations the company actually had. 

Adams acknowledged that Lyft — like Uber — does not suspend every driver who is the subject of a safety allegation. She said in an email that “depending on the severity of the incident reported, that investigation can include temporarily suspending the accounts of users involved.”

But Adams asserted that Lyft’s policies on reporting alleged incidents to the commission were very different from Uber’s.

“The definition of incidents requested by the CPUC are incredibly broad and imprecise, and they leave a lot of room for interpretation,” Adams said in the interview.

“We’ve chosen to interpret these definitions as broadly as we possibly can, and to err on the side of transparency,” she said. “In being as comprehensive as possible, it seems like we included a number of less severe incidents that Uber likely did not include. And obviously, these less severe incidents make up a larger portion of our numbers.”

“It’s clear to us that Uber makes a very different choice when it comes to reporting,” she said.

In addition, Adams said Lyft includes redundant entries for some incidents. For example, if a complaint came into the company by email and through the app, Lyft reported both to the commission.

And if an allegation was initially classified as physical assault and was later found to be harassment, Lyft reported it as one of each, Adams added, adding that the company wound up “reporting the same incident multiple times.”

“We are trying to give a comprehensive view of the type of incidents that occur on the platform and think it is helpful to understand this broader data set when understanding the nature of these issues,” she said in an email, adding that in this way Lyft believes it submitted an accurate report “in good faith.”

But as a result, Lyft’s report on assaults, threats and harassment appears to include many records that the agency did not request.

In a lengthy narrative explanation that Lyft submitted to the commission along with the data a year ago, the company did not mention its redundant entries and broad interpretations of the reporting requirement, or that it was concerned that agency definitions were imprecise.

Rather, Lyft’s narrative said that it was submitting the assault and harassment information “consistent with” the spreadsheet template provided by the commission.

Long list of offenses

That template is titled, “Assaults & Harassments — TNC drivers suspended or deactivated for assaulting, threatening, or harassing a passenger or any member of the public while providing TNC services.”

The template’s categories for the 2019-2020 reporting year required the companies to include trip ID number, driver’s identification, date of the incident, date of the complaint, whether it was investigated, how it was resolved and consequence to the driver. In defining what the firms must include, the agency provided a list of 48 examples of the kinds of conduct that must be reported within that field.

For the 2020 safety report, the California Public Utilities Commission told ride-hailing companies to report on these 48 examples of driver misconduct in a single spreadsheet field:

Argument, Assault, Attempted robbery, Attempted to physically remove passenger, Discrimination, Discrimination harassment, Entered passenger’s home, Fight, General harassment, Homophobic comments, Inappropriate comments, Injured by driver, Interaction with law enforcement, Made passenger uncomfortable, Physical assault, Racist comments, Refused to end ride, Road rage, Spit at passenger, Threats, Threw item at passenger, Urinated in front of passenger, Verbal harassment, Attempted kissing — non-sexual body part, Attempted kissing — sexual body part, Attempted non-consensual sexual penetration, Attempted sexual assault, Attempted touching — non-sexual body part, Attempted touching — sexual body part, Indecent photography/videography without consent, Masturbation/indecent exposure, Non-consensual kissing — non-sexual body part, Non-consensual kissing — sexual body part, Non-consensual sexual penetration, Non-consensual touching — non-sexual body part, Non-consensual touching — sexual body part, Physical sexual assault, Physical stalking, Sexist comments, Sexual assault, Sexual harassment, Solicited sexual act, Unwanted advances, Unwanted touching, Verbal sexual harassment, Verbal threat of sexual assault.

But the template does not provide a separate field for each kind of misconduct, and allows the firms to enter their own descriptions. In addition, it has no field for the total number of complaints received, an omission that prevents the commission from using the report to determine, for example, what share of them Uber investigates.

“We believe that it’s very important to have a standard and precise and consistent way to report safety incidents to the CPUC. And that doesn’t really seem like what they have at the moment,” she added.

“We’re eager to work with the CPUC on a reporting process that allows for a true understanding of the experiences on our platform and ultimately makes the industry safer,” she added in an email.

Curious timing of letters

The commission is formally investigating the definitions that Lyft and Uber have used for submitting data in their 2020 report, according to both Adams and Hasbun. 

Adams provided the Public Press with a redacted copy of the Sept. 22 letter that the commission sent to Lyft, but she declined to release the entire letter. The Public Press requested copies from the agency, but it declined to release them, saying they were investigative records that were legally exempt from disclosure.

The excerpts show that the commission requested “all definitions of assault, harassment, sexual assault, and sexual harassment” that Lyft used in its annual safety reports filed between September 2017 and the present. 

That letter came two days after the agency released the assault data to the Public Press.

Clark, the former director of consumer protection and safety, said, “the timing of their follow-up queries is curious coming just 48 hours after the data was released.”

The commission’s release of the partly redacted assault and harassment reports marks the first time it has publicly disclosed them. The companies for years fiercely opposed the release of any part of the safety reports, claiming secrecy was necessary to protect privacy and business information. They still claim that parts should remain confidential.

In March 2020, the commission voted to revoke the blanket secrecy for the annual safety reports after an investigative report by the Public Press published that January disclosed that it was based on a one-sentence confidentiality clause inserted into the 2013 regulations as footnote 42, without prior notice to the public and amid intense and sometimes illegal industry lobbying.

In a press release, Commission President Marybel Batjer, who has said she is leaving the agency in December, hailed the vote as bringing “necessary transparency.”

Commission President Marybel Batjer

With the blanket confidentiality clause removed, Robert M. Mason III, an administrative judge with the commission, subsequently reviewed the 2020 reports submitted by Uber and Lyft and in December ruled that parts of them were not confidential. 

In processing the records released to the Public Press, the commission withheld personal identifiers and other information that the companies claimed concerned sensitive business information. 

Also redacted from the released data was a separate column that broke out “description of alleged sexual assault/harassment” for which drivers were suspended or deactivated, though those incidents are also included within the general category of assaults, threats and harassment. 

Neither Lyft nor Uber would say how many complaints each had received alleging sexual assault and harassment by its drivers, and how many drivers each had suspended and deactivated following those complaints. 

Lack of transparency

Despite the commission’s public pledges to improve transparency, it has yet to release any prior annual safety reports, though it is considering that. Meanwhile, the years of secrecy that it imposed on them obscured not only the safety information but also whether the agency effectively used it to protect the public.

“California regulatory agencies are only as good as the thoroughness and transparency of their work,” said Lynch, the former commission president, in an email. “Californians are entitled to know both what regulatory agencies are doing but also how they are doing it.”

The newly released data goes beyond the period covered in the “U.S. Safety Report” that Uber released to the public in 2019. Uber’s report said that in 2017 and 2018 there were 5,981 accounts of sexual assault, 19 fatal physical assaults and 107 people killed in vehicular accidents in relation to its service throughout the United States.

In March 2020, Commissioner Genevieve Shiroma oversaw the reversal of the automatic secrecy granted for safety reports submitted by Uber and Lyft, but most of the data remains secret. Image from California Public Utilities Commission video.

Uber hailed its report as a model of corporate transparency, but as the Public Press reported, it was incomplete. In addition, it provided national totals only.

However, in a filing last year Uber said it had received 1,243 reports of alleged sexual assault and harassment in California during 2017 and 2018 that were included in its U.S. safety report total. Uber said these incidents constituted less than 0.00025% of rides in California during the time period.

Uber has said it would release an updated report by the end of this year.

But Clark said the commission must have its own reliable data to effectively monitor ride-hailing firms and protect the public.

“The commission needs to pick up their game on this issue,” he said. Referring to the court cases in which passengers claim they were injured by drivers for the companies, he added, “There clearly are people getting hurt.”


Updated 10/21/2021 to include commission attorney Rebecca Ruff’s statement that it was withholding “investigation records.”

Updated 10/22/2021 to note the publication of Lyft’s new paper on sexual assault.


Frank Bass contributed data analysis, and Jenny Kwon contributed visualizations.

This story was produced in partnership with the McGraw Center for Business Journalism at the Craig Newmark Graduate School of Journalism at the City University of New York. Support was also provided by the Fund for Investigative Journalism.

The Reporters Committee for Freedom of the Press provided legal review. Attorneys Shaila Nathu and Michael Risher provided guidance on public records laws. 

For previous coverage visit sfpublicpress.org/ride-hailings-dark-data.