EU's data protection bods join the party to investigate Uber breach
UK.gov told to sever ties with 'grubby, unethical' company
The massive Uber data breach will be discussed by the European Union's data protection authorities next week.
The group, known as the Article 29 Working Party, is meeting on November 28-29 and has put the hack, which affected 57 million users, high on its agenda.
A spokeswoman for the group, which is chaired by Isabelle Falque-Pierrotin from France's data protection authority, said that the aim was to better coordinate national investigations.
This might include writing to Uber's CEO to push for full information to be released – as it did for the Yahoo data breach – or to launch a full taskforce.
The spokeswoman noted that the group had already formed taskforces for Google, Facebook and Microsoft in the past.
And one was recently set up to investigate WhatsApp's privacy policies, which it said are at odds with the EU's data protection laws.
Elsewhere in its meeting, the group will consider the first annual review of the Privacy Shield agreement that governs transatlantic data flows.
Uber has, as yet, failed to offer authorities any further information about those affected by the breach, which happened in October 2016 but was only revealed this week.
A spokeswoman for the biz said that this information would not be released until it completes the process of notifying regulators and government authorities, and "expect to have ongoing discussions with them".
Meanwhile, the breach was discussed in UK Parliament yesterday, where digital minister Matt Hancock confirmed that the first he heard of it was in media reports.
"As far as we are aware, the first notification to UK authorities – whether the Government, the [Information Commissioner's Office] or the [National Cyber Security Centre] – was through the media," Hancock told MPs.
Wes Streeting, Labour MP for Ilford North, said it was "outrageous" that Uber had hushed up the breach, and urged the government to sever ties with the ride-hailing firm.
I am pro-tech, pro-competition and pro-innovation, but given that Uber stands accused by the Metropolitan Police of failing to handle serious allegations of rape and sexual assault appropriately, given that Uber has to be dragged through the courts to provide its drivers with basic employment rights and to pay its fair share of VAT and given that we now know that Uber plays fast and loose with the personal data of its 57 million customers and drivers, is it not time that the Government stopped cosying up to this grubby, unethical company and started standing up for the public interest?
Hancock didn't respond directly to that comment, instead noting that taxi licensing was an issue for local authorities, as well as taking the opportunity to plug the higher fines that would be available to the ICO under the government's proposed Data Protection Bill. ®
Sponsored: Becoming a Pragmatic Security Leader