Uber would have been fined €20m for data breach under GDPR

If Uber had been subject to the GDPR, it would have had to pay a fine of 4% of its global annual revenue, or €20m (£17.75m), a cyber law barrister has said.

Uber would have been fined €20m for data breach under GDPR

It came to light yesterday that Uber had paid hackers to conceal a hack that affected 57 million customers and drivers. 

The GDPR, which comes into play in the UK and Europe next year,  are designed specifically to deal with such occurrences.

"Uber would have had to notify the regulator within 72 hours of being aware of the hack – not the year or so in this case," Dean Armstrong, cyber law barrister at Setfords Solicitors said. "As Uber hasn't released its figures we can't speculate as to the potential final cost of the fine but it is fair to say the regulator would come down hard and under the regulations, it would likely be in the tens of millions."

Nevertheless, Armstrong believes that the greater to cost to Uber would still be in terms of reputation. 

"Uber has played a risky game here, not only concealing the hack but exacerbating the problem by paying off the hackers. This will simply encourage them further and result in more attempts to steal personal data from organisations," he said. 

Just because the hack occurred in North America will not excuse Uber if it had happened after GDPR had come into play, Armstrong warned: "The regulations will apply to any EU citizen's data. Assuming that at least some of the 50 million records hacked were of EU citizens, then under the new rules GDPR would potentially see Uber punished under EU regulation."

If Uber wants to continue to operate in Europe next year it needs to "come clean". 

"It has much work ahead of it, but perhaps this lesson will finally signal to other organisations that law-makers, and the public have had enough of poor data protection provision," Armstrong concluded. 

Become a member of Campaign

Get the very latest news and insight from Campaign with unrestricted access to campaignlive.co.uk, plus get exclusive discounts to Campaign events.

Become a member

What is Campaign AI?

Our new premium service offering bespoke monitoring reports for your company.

Find out more

Looking for a new job?

Get the latest creative jobs in advertising, media, marketing and digital delivered directly to your inbox each day.

Create an alert now

Partner content