In a recent post on the Uber website, Katherine Tassi, Uber’s managing counsel of data privacy, wrote that the updated policy was intended to more clearly and concisely explain the kinds of details the company gathered and how it used them.

“In the interest of transparency,” she cited two changes in particular: In addition to asking permission to obtain access to a customer’s location when the Uber app is running in the foreground, the updated policy allows the company to ask for location details when its app is running in the background; the company may also ask for access to a user’s contact list and use that information to send marketing promotions to contacts.

“In either case, users will be in control,” Ms. Tassi wrote. “They will be able to choose whether to share the data with Uber.”

But the EPIC letter contended that Uber had deceptively reassured consumers that they would be in control of their data when the updated policy actually deprived them of that control.

The updated policy, for instance, says that even if consumers deny Uber access to their precise location information from their devices, it will not limit the company’s “ability to derive approximate location from your I.P. address” — which is the numerical address assigned to users’ Internet connections and relayed when users visit an app or website. In other words, even if certain customers expressly decline to share their whereabouts, Uber’s updated policy allows the company to collect some location information anyway.