Research

Uber Fined for 2016 Data-Breach

Written by Reflare Research Team | Nov 30, 2018 3:43:00 PM

Uber was recently fined for failing to protect the data of 57 million users worldwide in 2016. This comes under the EU-wide GDPR 2018, which was adopted into law after a “one-year grace period”.

First Published 30th November 2018

This wasn't the first time Uber had been found to have acted carelessly.

2 min read  |  Reflare Research Team

In 2016 Uber fell victim to a breach affecting 57 million of its users worldwide. Since some of the affected users were residents of the UK and Netherlands, authorities in these countries began investigating the leak and Uber’s behaviour in connection to it. Since the EU-wide GDPR regulations covering just such cases were only ratified in 2018, such investigations took place under the legal frameworks of the respective countries.

As a result, Uber was found to have acted carelessly with user data and fined GBP 385,000 in the UK and EUR 600,000 in the Netherlands.

What will the effects be?

This particular fine will have little effect on Uber, as it is minuscule when compared to the company’s revenues. However, the fine sets a precedent for breaches happening in the future. The practice of regulators fining companies for data breaches is relatively recent. Until the early 2010s, data breaches were seen as something to be merely regretted. While public and legal opinion on the severity of breaches has since changed, we still see relatively few actual fines being issued by regulators and other governing bodies.

The EU’s new GDPR legislation however makes fines much more potent, allowing regulators to impose fines of up to EUR 17 million or 4% of the company’s revenue. Fines in this range have a much higher potential to impact the overall earnings of large companies and thus exert pressure on the board of directors. After all, large fines are likely to impact share prices which will cause quick action by shareholders.

By establishing precedent in cases that occurred before the GDPR was enacted, governments are setting precedents that allow them to impose such high fines in future cases.

Summary

While we don’t believe the current fine will have a significant impact on Uber, the proceedings are nonetheless important as they set a precedent that will likely have a significant impact on the implementation of fines under GDPR rules.