Punishment against Uber (FR)
In the fall of 2016, data from approximately 57 million customers were stolen, including about 1.4 million Frenchmen. Uber concealed this incident and paid the attackers $ 100,000, – for assurances that the data will be deleted. The French data protection agency CNIL imposed a fine of € 400,000 on the company due to the incident. The French Data Protection Act states that data breaches must be reported to the relevant regulatory authority within 72 hours. This rule can also be found in the GDPR. Uber consciously ignored this obligation.
The incident occurred before the entry into force of the GDPR, so the fine was imposed under the French Data Protection Act, which provides for a maximum fine of three million euros. As a result of this incident, the UK also imposed a fine of £ 500,000 on the company, which was the maximum penalty under the then UK Data Protection Act.
Entscheidungsdatum:
19.12.2018
Land:
France
Art des Verstoßes:
Theft of Data
Betroffene Datensätze:
1 400 000
Waren sensible Daten betroffen?:
No
verhängte Geldstrafe:
€ 400,000,-
Violation of GDPR Paragraph:
unknown
Quelle: