EU's data protection bods join the party to investigate Uber breach told to sever ties with 'grubby, unethical' company

By Rebecca Hill


The massive Uber data breach will be discussed by the European Union's data protection authorities next week.

The group, known as the Article 29 Working Party, is meeting on November 28-29 and has put the hack, which affected 57 million users, high on its agenda.

A spokeswoman for the group, which is chaired by Isabelle Falque-Pierrotin from France's data protection authority, said that the aim was to better coordinate national investigations.

This might include writing to Uber's CEO to push for full information to be released – as it did for the Yahoo data breach – or to launch a full taskforce.

The spokeswoman noted that the group had already formed taskforces for Google, Facebook and Microsoft in the past.

And one was recently set up to investigate WhatsApp's privacy policies, which it said are at odds with the EU's data protection laws.

Elsewhere in its meeting, the group will consider the first annual review of the Privacy Shield agreement that governs transatlantic data flows.

Uber has, as yet, failed to offer authorities any further information about those affected by the breach, which happened in October 2016 but was only revealed this week.

A spokeswoman for the biz said that this information would not be released until it completes the process of notifying regulators and government authorities, and "expect to have ongoing discussions with them".

Meanwhile, the breach was discussed in UK Parliament yesterday, where digital minister Matt Hancock confirmed that the first he heard of it was in media reports.

"As far as we are aware, the first notification to UK authorities – whether the Government, the [Information Commissioner's Office] or the [National Cyber Security Centre] – was through the media," Hancock told MPs.

Wes Streeting, Labour MP for Ilford North, said it was "outrageous" that Uber had hushed up the breach, and urged the government to sever ties with the ride-hailing firm.

I am pro-tech, pro-competition and pro-innovation, but given that Uber stands accused by the Metropolitan Police of failing to handle serious allegations of rape and sexual assault appropriately, given that Uber has to be dragged through the courts to provide its drivers with basic employment rights and to pay its fair share of VAT and given that we now know that Uber plays fast and loose with the personal data of its 57 million customers and drivers, is it not time that the Government stopped cosying up to this grubby, unethical company and started standing up for the public interest?

Hancock didn't respond directly to that comment, instead noting that taxi licensing was an issue for local authorities, as well as taking the opportunity to plug the higher fines that would be available to the ICO under the government's proposed Data Protection Bill. ®

Sign up to our NewsletterGet IT in your inbox daily


More from The Register

Cambridge Analytica seeks data protection assistant

Jobseeker? You may have heard of it...

Why, hello Rubrik's Trello: Data protection biz leaves productivity tool open to world+dog

Anyone with URL could see lists of case study projects's Brexiteers warned not to push for divergence on data protection laws

As PM lacks specifics on UK’s desired ‘adequacy-plus’ deal

Uber hack: EU data protection bods launch taskforce

Justice commissioner slams biz for 'irresponsible' behaviour

Big tech wants the ICO on EU data protection board in Brexit fallout

Watchdog keeping voting rights 'huge gain' for marketing sector, say Facebook, Google et al

UK regulator moots data protection sandbox for organisations to play in

ICO strategy outlines plans to slurp up academic expertise

Austrian privacy chief handed leash to EU's data protection beast

Group warms up for greater powers once GDPR hits

Facebook smartmobe app's pre-ticked privacy settings violate German data protection law

Court favours consumer group in long-running dispute

Don't sweat Brexit, big biz told: Your shiny data protection sticker will remain intact

Survey reveals GDPR training and investment is on the rise told: Scrap immigration exemption from Data Protection Bill or we'll see you in court

Campaigners say proposed law would create a 'discriminatory' system for data access rights