EU's data protection bods join the party to investigate Uber breach told to sever ties with 'grubby, unethical' company

By Rebecca Hill


The massive Uber data breach will be discussed by the European Union's data protection authorities next week.

The group, known as the Article 29 Working Party, is meeting on November 28-29 and has put the hack, which affected 57 million users, high on its agenda.

A spokeswoman for the group, which is chaired by Isabelle Falque-Pierrotin from France's data protection authority, said that the aim was to better coordinate national investigations.

This might include writing to Uber's CEO to push for full information to be released – as it did for the Yahoo data breach – or to launch a full taskforce.

The spokeswoman noted that the group had already formed taskforces for Google, Facebook and Microsoft in the past.

And one was recently set up to investigate WhatsApp's privacy policies, which it said are at odds with the EU's data protection laws.

Elsewhere in its meeting, the group will consider the first annual review of the Privacy Shield agreement that governs transatlantic data flows.

Uber has, as yet, failed to offer authorities any further information about those affected by the breach, which happened in October 2016 but was only revealed this week.

A spokeswoman for the biz said that this information would not be released until it completes the process of notifying regulators and government authorities, and "expect to have ongoing discussions with them".

Meanwhile, the breach was discussed in UK Parliament yesterday, where digital minister Matt Hancock confirmed that the first he heard of it was in media reports.

"As far as we are aware, the first notification to UK authorities – whether the Government, the [Information Commissioner's Office] or the [National Cyber Security Centre] – was through the media," Hancock told MPs.

Wes Streeting, Labour MP for Ilford North, said it was "outrageous" that Uber had hushed up the breach, and urged the government to sever ties with the ride-hailing firm.

I am pro-tech, pro-competition and pro-innovation, but given that Uber stands accused by the Metropolitan Police of failing to handle serious allegations of rape and sexual assault appropriately, given that Uber has to be dragged through the courts to provide its drivers with basic employment rights and to pay its fair share of VAT and given that we now know that Uber plays fast and loose with the personal data of its 57 million customers and drivers, is it not time that the Government stopped cosying up to this grubby, unethical company and started standing up for the public interest?

Hancock didn't respond directly to that comment, instead noting that taxi licensing was an issue for local authorities, as well as taking the opportunity to plug the higher fines that would be available to the ICO under the government's proposed Data Protection Bill. ®

Sign up to our NewsletterGet IT in your inbox daily


More from The Register

Er, we have 670 staff to feed now: UK's ICO fines 100 firms that failed to pay data protection fee

Enforcing GDPR is expensive work, says watchdog

Campaigners call for immigration exemption in UK's Data Protection Act to be scrapped

Judicial review into law launched

Cambridge Analytica seeks data protection assistant

Jobseeker? You may have heard of it...

Reel talk: You know what's safely offline? Tape. Data protection outfit Veeam inks deal with Quantum

Magnetic strips barrier to ransomware, burble box-flingers

US tech circles wagons as India reviews data protection proposals

Ex-Cisco CEO-chaired lobby leading the charge

IT management software crowd Kaseya buys cloudy data protection crew Spanning

Private equity holdings shuffle

Why, hello Rubrik's Trello: Data protection biz leaves productivity tool open to world+dog

Anyone with URL could see lists of case study projects

Uber hack: EU data protection bods launch taskforce

Justice commissioner slams biz for 'irresponsible' behaviour's Brexiteers warned not to push for divergence on data protection laws

As PM lacks specifics on UK’s desired ‘adequacy-plus’ deal

Big tech wants the ICO on EU data protection board in Brexit fallout

Watchdog keeping voting rights 'huge gain' for marketing sector, say Facebook, Google et al