The modern period is characterized by a notable shift in transportation patterns, with a growing dependence on ride-hailing applications such as Uber, OLA, In-Drive, Rapido, and others. But as society accepts these revolutionary shifts, it becomes crucial to recognize that each invention brings with it a unique set of difficulties. These applications are well known for their effective transportation services and for giving detailed information about drivers, such as complete names, photo IDs, phone numbers, and other vehicle details. These app-based services are seen to be safer than more conventional local transportation options like auto-rickshaws, where driver information is frequently ambiguous. Users must closely evaluate if the seeming safety of these services matches their real dedication to safety, notwithstanding this perception. To inform users and the general public about the implied agreements and possible hazards connected with these rules, this article explores the terms and conditions regulating various transportation applications in great detail. The investigation goes beyond examining the legal enforceability of click-wrap contracts, but also looks closely at the gaps and ambiguities in these contractual provisions. Furthermore, an examination of the regulatory modifications brought about by an increase in occurrences such as sexual assault, theft, and molestation involving users of these kinds of app services reveals how the regulatory framework’s safety measures are changing. (2)
inDriver Holdings Inc. (inDrive)
One of the famous incidents of In-Driver that caught media attention was the YSRCP MLC Ananta Uday Bhaskar murder case where the accused was alleged to have killed his former driver.
In-Driver is one of the cheapest means of app-based transportation services available in India. This company claims to be merely a mediator between the parties providing and accepting the transportation services. They do not hold themselves responsible for any settlement between the parties. The policy explicitly mentions their exclusion in settling payments. Although the idea of the same is to provide the space for the drivers and riders to reach a common settlement point, it creates a way for malpractices on the part of riders. They can potentially ask for a higher price than what was fixed in the pitching rounds. Furthermore, users agree to anything that could be detrimental to kids, offensive, unsafe, or otherwise objectionable; the risk lies with the riders. In addition to the risk posed by the transportation providers, the company disclaims any duty for any misconduct on the part of sponsors, advertising, and other third-party providers.
If you are associated with the app then you have consented to the company to have access to your data and share it with parent/subsidiary or affiliate of the corporate groups as a part of their legal operations. They may obtain the consent of the users however, there is no such legal mandate for them to do so. They can also share the same with consultants, lawyers, accountants, auditors and “other professional services.” Here, the vaguely written term “other” can include services that might not be necessary and could lead to misuse of data. It is also mentioned that the data can be shared with social media companies including Meta which has a different set of rules for data sharing. This may be used for background checks, identity verification, research and surveys, marketing, and advertising. This indicates that the data we as users put in the apps or permit to have access to from the device can be used for various other purposes other than transportation. The policies are explicit about the sharing of such data with other parties which exempts the company from liability of any sort. Moreover, the records of the app include the numbers of the driver and car details which can be later misused. Also, there is no proper facilitation to check whether the details given by the users are correct. Other than this, the customer care services for which the users do not have any record of their complaints, or the solution provided to them and hence, escape the liability.
ANI Technologies Pvt Ltd (Ola)
Even though Ola says that user privacy is its top priority, a deeper look at their privacy collecting statement raises serious questions about how personal data is protected. It gathers a lot of private information, frequently via background checks and photos, such as consumers’ financial information, location data, and even health-related data. Ola’s usage of user data for non-urgent service-related objectives, such as analytics and business intelligence, significantly erodes the company’s dedication to customer privacy. Although it is said that the service providers consent to privacy limits, there may be a risk to user privacy due to the vagueness of these controls and the large-scale sharing of personal information with messaging services, cloud storage providers, and analytics companies.
The terms and conditions make it clear that it will be collecting personal data from outside sources, such as credit agencies, payment processors, and businesses that provide background checks and identity verification. Due to the vague definition of the scope and kind of information gathered, users may be subject to possible privacy violations as a result of this extensive data gathering from other sources.
Secondly, unless a user specifically opts out, Ola can send direct marketing and other communications. These issues with user permission and control over their personal information may lead to a flood of unwanted communications. Additionally, there is a serious danger to user privacy when personal information is disclosed to unaffiliated third parties, connected companies, law enforcement, regulatory bodies, and marketing firms, especially those operating abroad. There are worries regarding the security and privacy of user information due to the lack of openness on the specific businesses engaged and the objectives for which it is shared.
Sections 17, 19, 20 and 21 of the Ola Customer Terms in particular contain rules that raise several issues including user rights, governance, dispute resolution, and term modifications. First of all, as per section 17 of the agreement, liability for statements and other communications made before or during the duration of the agreement is unaffected by anything in the Customer Terms. However, this leaves a potential for misunderstanding because it does not restrict culpability. Section 19 deals with controlling legislation and arbitration, and mandates that the parties try to resolve their differences via discussion before filing for arbitration.
Assignment and joint ventures are covered in Sections 21.3 and 21.4, respectively. The fact that Ola is able to transfer its rights and interests under the agreement without the users’ express approval may worry the users. Furthermore, the joint venture clause begs the question of how user rights and data would be handled in these kinds of situations. When it comes to waiver, Section 21.5 says that neither a delay nor a refusal to exercise rights under the Customer Terms shall be interpreted as a waiver. Even if this is a standard legal requirement, users could nevertheless be worried about how it might affect their rights. Section 21.6 on severability states that any provision deemed illegal or unenforceable in a specific country will be ineffective in that jurisdiction. Although this is a common legal clause, consumers could be worried about how it would affect the agreement’s overall enforceability. All things considered, these clauses raise questions about their clarity, user rights, and possible effects on data security and privacy. It’s possible that users won’t understand the full scope of their rights and protections under these conditions.
As far as safety is concerned, the company escapes from the liability in all sorts of incidents that occur between the service providers and riders. In one of the major incidents, a woman in Bengaluru was molested by Ola driver who coerced her to strip and took explicit pictures. The shocking incident indicates the urgent requirement for safety measures and strict accountability on the vulnerability of the passengers using such services.
Uber Technologies, Inc. (Uber)
Uber services are meant for majors i.e., individuals who have attained 18 years of age. There is an explicit mention of the required agreement of the terms. Even if one of the terms is in conflict, the user may not be able to have access to the services. Like Rapido, uber has no control over the information accessed by the third party and going by the policies, the company shall not be responsible or liable for any products or services of such third-party providers.
Uber has the power to unilaterally terminate contracts or refuse service access without explicit restrictions which raises concerns about service continuity and user security. These concerns are exacerbated by Uber’s broad disclaimer of duty, which releases the firm from accountability for a variety of losses, including bodily harm, even in cases where it is aware of possible problems. In one of the series of incidents, Shiv Kumar Yadav, an Uber driver, was charged with 100 pages by the Delhi Police for allegedly raping a 27-year-old executive lady. Sections 376, 366, 506, and 323 of the IPC are the subject of the accusations, and the evidence is supported by 44 prosecution witnesses. In another incident, after a driver was accused of sexual assault, Uber was hit with a formal complaint in Noida for failing to verify drivers and to maintain real-time surveillance. Uber’s absence of background checks has an adverse effect on its company and investor trust, as the police point out. Uber launched a “Safety Toolkit” in India in response to safety concerns, however, recent events highlight the difficulties in guaranteeing passenger protection. Uber disputes the claims, says it will take legal action in accordance with its worldwide safety policy, and awaits official word. Policy regarding liability restrictions and warranty disclaimers certainly raise questions about the dependability, promptness, and quality of services provided by third-party drivers. The arbitration provision introduces another level of complication, potentially restricting the users’ capacity to pursue local legal action, by requiring mediation and arbitration in India. These contractual clauses essentially cast doubt on the security and accountability that Uber provides to its consumers.
The other section reveals further details and provides insight into the company’s policies and procedures. Uber’s data sharing policies, outlined in the law enforcement guidelines, emphasize the need for legitimate legal procedures like subpoenas, court orders, or search warrants. Users may find it unsettling, nevertheless, because there is a vacuum about the protection of user privacy and the conditions that justify publication without authorization. Users experience a degree of unpredictability when they are aware that information is subject to change. Uber can also transfer agreements without user authorization which may affect users’ rights and duties. There are questions regarding responsibility over the broad disclaimer of liability, which includes disagreements with law enforcement. The lack of information on emergency request handling in detail and the policy of not alerting users before sharing their information with law police is highly concerning. 
Roppen Transportation Services Private Limited (Rapido)
The extent of background checks and the sharing of personal information with vendor partners and Captains raise more questions. The policy acknowledges exchanging data with third-party service providers, which runs counter to its non-sale clause. Additionally, the lack of an opt-out option for marketing messages may cause significant privacy issues. Because the data acquired is sensitive, users can also be concerned about the security mechanisms in place. Potential users may become more concerned due to the lack of explicit notice details for unilateral revisions and information gaps about the length of data retention; these issues imply a lack of acceptable openness, control over users’ data, and overall security. Other than this, Rapido shares user information with co-branded services, third-party service providers, and organizations associated with competitions and promotions. There are concerns over the scope of user permission and the necessity of such data transfers regarding the situations under which user information may be provided to affiliates, government authorities, and market research. User concerns are exacerbated by the exclusion of information gathered by service providers and the warning that security solutions are not impenetrable. In general, the way the policy handles user data including how it transfers during company changes may be interpreted as intrusive, raising questions regarding user control over their information and privacy.
Terms and Conditions for Captains raise several possible issues that consumers may find concerning. Concerns over data security and sharing methods are raised by the massive collection of personal information from Captains, which gives rise to privacy problems. Concerns around payment disputes, transparency, and even extra expenses like cancellation fees may arise from the direct payment method between Captains and Users. Concerns regarding Rapido’s liability restrictions may also arise from users, especially in light of the app’s accuracy. Captains’ behaviour, which prioritizes safety, following traffic laws, and abstaining from drugs and alcohol, is also a source of concern. Service quality may be impacted by concerns expressed about the uniformity and enforceability of the criteria set forth for captains.
In a disturbing incident, a Bengaluru Rapido bike driver is suspected of raping a female passenger who is 22 years old, and his companion is reportedly implicated. The woman was transported to the driver’s house instead of the friend’s, where she and his buddy were sexually attacked. Rapido promptly removed Shahabuddin, the driver who was charged, from its platform, denounced his behaviour, and said it fully supported the police probe. The event brings to light persistent safety issues in the ride-hailing sector. Rapido has implemented safety features, including emergency contacts and a customer-first philosophy, in response to the incident. Yet, the measures taken are enough and leave scope for further improvement to prevent such circumstances from occurring again.
Legal Enforceability and Guidelines on App-based Services
According to the court’s reasoning in Hotmail Corporation v. Van Money Pie Inc., click-wrap agreements—online contracts that ask users to click “I agree,” “I accept,” or checkbox buttons—have legal standing. The court upheld the validity of these contracts, stressing the importance of selecting “I agree” at the end of the terms and conditions. In India, click-wraps are considered enforceable under Section 10 of the Contract Act if they fulfil the requirements for a valid contract. The enforceability of e-contracts made using electronic sources is further strengthened under Section 10A of the Information Technology Act, 2000. Legal rulings, like the one in Trimex International FZE v. Vedanta Aluminium Limited, have acknowledged e-mail contracts as legitimate online agreements. Even though click-wraps include all the elements of a legitimate contract, it’s important to remember that the Income Tax Tribunal decided in Ddit (ltd) Mumbai v. Gujarat Pipavav Port ltd. that they may not be enforceable if one party has undue negotiation power. 
In response to the incidents mentioned above pointing out the requirement of proper regulation, the legal environment has changed. In December 2020, the Motor Vehicle Aggregator Guidelines were released as per the requirements and provisions of the Motor Vehicles (Amendment) Act, 2019 and further as per the amended Section 93 of the Motor Vehicles Act, 1988. The purpose of the same is to regulate the previously uncontrolled taxi aggregator market. This includes the regulation of app-based transport service providers. These rules include license awards to aggregators, fare restrictions, and compliance requirements for cars, and represent a coordinated effort to guarantee safety, equity, and transparency in the rapidly changing field of app-based transport services. The reason behind the introduction of new regulations pertaining to app-based transport service providers is that, until the 2019 modification, the term “aggregator” was not present in the Motor Vehicles Act, of 1988. To protect driver welfare and customer safety, it became necessary to formalize shared mobility, solve traffic congestion, lower pollution, and increase ease of doing business as a result of this legislative vacuum.
According to the rules, health insurance for taxi drivers must be connected with the aggregator and must start at Rs 5 lakh and increase by 5% yearly. Drivers must complete mandatory refresher courses covering topics such as the Motor Vehicles Act, effective app usage, vehicle maintenance, safe driving, gender sensitization, and contract terms. Additionally, these criteria stipulate that drivers must get at least 80% of the total cost for each journey. The rules also address the linguistic concerns of the aggregators. The applications shall now be available in English and Hindi, the two main languages spoken by riders, in addition to one official language of the state in which it is operating.
Additionally, it has been pointed out that the aggregators must store the data created by the app on an Indian server, and they must keep the data there for a minimum of three months and a maximum of twenty-four months after the date was created. The instructions further stated that no customer data will be released without the express written agreement of the client, by due process of law. The relevant state government must have access to these data. Also, ride-sharing services are now available to customers, with special accommodations for female travellers. When a female traveller wants to use ride-sharing, the aggregator must provide her with the choice to ride with another female traveller. Additionally, a weekly cap of two ride-sharing inter-city journeys and four ride-sharing intra-city excursions for each car with the driver has been placed in place for non-transport vehicles that are combined for ride-pooling. Additionally, riders must pay a cancellation fee equal to 10% of the entire cost, with a maximum of Rs 100. Additionally, the aggregator and the driver will split the rider’s cancellation penalty according to the agreed-upon commission rate.
Furthermore, the basic fee that clients using the aggregator service must pay is the city taxi rate as determined by the Wholesale Price Index (WPI) for the current year. Additionally, the basic charge for city taxis in the states where one has not yet been established will be either Rs. 25 or Rs. 30. Customers will be charged a minimum of 3 km as the basic minimum cost to cover dead miles, fuel used, and the distance driven to pick them up. The maximum surge pricing that the aggregators may impose is 1.5 times the base cost, and they are permitted to charge 50% less than the base fare. The government’s actions were intended to support asset utilization—the cornerstone of transport aggregation—as well as to validate the dynamic pricing principle, which is important for guaranteeing asset utilization due to supply and demand in the market.
In the modern world of app-based transportation services, as shown by services like Uber, Ola, InDrive, Rapido, and InDriver, the convenience factor is balanced against a complicated web of issues that demand careful consideration. Users’ growing reliance on these services makes it imperative to carefully examine the subtleties buried in their rules. The article methodically examined the terms and conditions of important industry participants, pointing out any potential dangers and openings that readers can unintentionally cross. The industry struggles with a variety of problems, from InDriver’s laissez-faire attitude to dispute resolutions that raises questions about possible malpractices to Ola’s privacy controls scrutiny for extensive personal data collection and Uber’s difficulties guaranteeing user safety despite broad disclaimers of liability.
Even if Rapido is more transparent, it still has issues with privacy, data security, and captain liability. The investigation of legal enforceability highlights how the law is changing in relation to app-based services and how important it is to comprehend click-wrap agreements. The Motor Vehicle Aggregator Guidelines, which were unveiled in 2020, represent a significant advancement in industry regulation, tackling issues such as data storage, surge pricing, and driver welfare and safety. These services all include liability disclaimers, which is a standard practice in the sector to absolve oneself of responsibility for situations, particularly those involving misbehaviour or assault. Events such as sexual assaults demonstrate the critical need for regulatory actions and lead to the creation of recommendations.
Further enhancing safety and transparency might be the possible implementation of procedures in India, including but not limited to real-time monitoring, enhanced background verification, resilient emergency response mechanisms, user education campaigns, community feedback systems, and frequent audits. Essentially, the identification of underlying regulatory concerns becomes critical as these app-based services transform travel behaviours. In addition to disclaimers and liability constraints, the one-sided contractual ties and worries about data sharing also raise issues about platform accountability, especially about user safety. The delicate balancing act between user privacy and legal compliance is highlighted by regulations governing data disclosures and law enforcement demands. In the end, a knowledgeable user navigating these nuances may support legislation that emphasizes user welfare, accountability, and transparency about app-based transportation services.
 Samson Raj, YSRC MLC Ananta Udaya Bhaskar confesses to killing his ex-driver, Times of India (May 24, 2022), https://timesofindia.indiatimes.com/city/vijayawada/ysrc-mlc-confesses-to-killing-his-ex-driver/articleshow/92042167.cms.
 ANI Technologies Pvt Ltd, Ola Pass AU – Terms & Conditions, Ola, https://www.olacabs.com/tnc?doc=australia-olapass-tnc (last visited Dec. 2, 2023). Woman allegedly forced to strip, pose for pics by Bengaluru Ola driver, The Economic Times (June 5, 2018), https://economictimes.indiatimes.com/news/politics-and-nation/woman-allegedly-forced-to-strip-pose-for-pics-by-bengaluru-ola-driver/articleshow/64469219.cms?utm_source=contentofinterest&utm_medium=text&utm_campaign=cppst.
 Uber Rape: Police submit chargesheet against driver, India Today (Feb. 28, 2015), https://www.indiatoday.in/uber-shame/story/uber-rape-case-delhi-police-chargesheet-against-driver-shiv-kumar-yadav-232692-2014-12-24.
 Amil Bhatnagar, Woman assaulted by proxy driver: Noida Police file case against Uber, firm says yet to get FIR, The Indian Express, February 19, 2019, 01:05 IST, https://indianexpress.com/article/cities/delhi/woman-assaulted-by-proxy-driver-noida-police-file-case-against-uber-firm-says-yet-to-get-fir-5590114/.
 Uber Technologies, Inc., Terms and Conditions, Uber, https://www.uber.com/legal/en/document/?name=old-general-terms-of-use&country=india&lang=en (last visited Dec. 2, 2023)
 Roppen Transportation Services Private Limited, Terms and Conditions for Captains, Rapido, https://www.rapido.bike/CaptainTerms (last visited Dec. 2, 2023).
 Tapanjana Rudra, Rapido Driver Accused Of Raping Woman In Bengaluru, Startup Says Safety Utmost Priority, Inc42 (Nov. 30, 2022), https://inc42.com/buzz/rapido-driver-accused-of-raping-woman-in-bengaluru-startup-says-safety-utmost-priority/.
 Hotmail Corp. v. Van$ Money Pie, Inc., 1998 WL 388389 (N.D. Cal. 1998)
 Trimex International FZE Limited, Dubai v. Vedanta Aluminium Limited, India, 2010 (2) AWC 1170 (SC), JT 2010 (1) SC 474, (2010) 1 MLJ 1322 (SC), 2010 (1) SCALE 574, (2010) 3 SCC 1, 2010 (2) UJ 655 (SC)
 Ddit (ltd) Mumbai v. Gujarat Pipavav Port Ltd., 2017-LL-0210-119
 Central Inland Water Transport Corporation Ltd. & Anr. v. Brojo Nath Ganguly & Anr., 1986 AIR 1571, 1986 SCR (2) 278, Author: D Madon, Bench: Madon, D.P.
 Ministry of Road Transport and Highways, Government of India, Motor Vehicle Aggregators Guidelines 2020, Thursday, November 26, 2020, https://morth.nic.in/motor-vehicle-aggregators-guidelines-2020
This article is written and submitted by Sadhika during her course of internship at B&B Associates LLP. Sadhika is a 3rd year BA LLB student at OP Jindal Global University.