Uber has agreed to pay $20,000 (£13,700) and to strengthen its privacy policies to settle an investigation by New York’s attorney general.
It follows allegations that the app-based taxi company was able to monitor the whereabouts of passengers through its geolocation technology.
It also failed to report a major data breach to authorities in a timely way.
Uber said it had adopted all of the safety measures requested prior to reaching the settlement.
The investigation followed a BuzzFeed News story in 2014 that alleged one of its reporter’s rides had been tracked without her permission.
This was allegedly done through an internal company tool called “God View”, which shows the location of Uber vehicles and customers who have requested a car and which was reportedly widely available to corporate employees.
The attorney general also said Uber had taken five months to inform its drivers about a breach involving their personal data.
The breach, which affected 50,000 drivers, occurred in May 2014 and was discovered by Uber in September 2014.
But the firm admitted it did not tell its drivers or the public until February 2015.
Uber said it had already removed all personally identifiable information of riders from its location system and undergone a privacy audit.
According to the settlement, it must also encrypt GPS-based location information and authenticate any employee accessing this data for business purposes.
An Uber spokeswoman told the Wall Street Journal the firm was “pleased to have reached an agreement”.
“We are deeply committed to protecting the privacy and personal data of riders and drivers,” she said.