Dutch DPA: Uber fined for data breach

delroth · on Nov 27, 2018

Nothing to do with GDPR, in fact the breach predates it (2016). The Netherlands already had regulations in place that mandate reporting data breaches, through the Dutch Data Protection Act.

bryanrasmussen · on Nov 27, 2018

imagine how high the fine could be if it was really under GDPR!

ckastner · on Nov 27, 2018

> The Dutch Data Protection Authority (Dutch DPA) imposes a fine of €600.000

What a bargain! In the US, they settled for $148 million [1].

[1] https://www.nytimes.com/2018/09/26/technology/uber-data-brea...

mettamage · on Nov 27, 2018

Hmm let's see with some back of the envelope calculation.

148 / 320 = 0.4625

0.6 / 17 = 0.035

Hmm, yea you're right.

duckerude · on Nov 27, 2018

It seems data of ~25,000,000 US users was leaked, and of ~174,000 Dutch users.

148 / 25 = 5.92

0.6 / 0.174 = 3.45

That's more proportionate.

darrenf · on Nov 27, 2018

The article makes no mention of GDPR, and the fine was levied due to (in)action after a breach in 2016. Is this really GDPR related as the title says?

majinb00 · on Nov 27, 2018

It is not GDPR but a previous local law that has been used since GDPR was not applicable in 2016 when the breach did occur.

fybe · on Nov 27, 2018

Can a mod alter the title? Nothing to do with GDPR. OP is a bit confused it seems.

This was an independent action by the Dutch Data protection authority.