What's going on?
On Tuesday, Uber – the ride-hailing company potentially worth $120 billion – was fined over $1 million for data breaches that affected European customers (tweet this).
What does this mean?
Uber was hacked in 2016 – with the names, phone numbers, and email addresses of 57 million customers compromised. But the company didn’t notify those affected – and instead paid the hackers $100,000 to keep quiet.
In September, the company agreed to pay a $148 million fine in the US for not telling people (and regulators) there that their data was compromised. Now, Europe is catching up. UK regulators on Tuesday fined Uber $500,000 for the three million Brits affected, and Dutch regulators fined it $700,000. The company can count itself lucky, though: if the data breach happened today, it’d be on the hook for 4% of its $7.5 billion global revenue, thanks to new European data privacy laws.
Why should I care?
For markets: Beware the regulator.
Regulatory scrutiny has battered Uber’s windscreen of late. In London, the company’s simultaneously arguing with the courts and its drivers about whether they’re freelancers or full employees entitled to benefits and holiday pay. That might all be for nothing: Uber’s current London license is probationary, subject to good behavior over the next year. Elsewhere, in August, New York announced a cap (albeit temporary) on new taxi licenses. With Uber reporting slowing revenue growth last quarter and loading up with more debt, the company will need to turn things around soon – and avoid any more conflicts – in order to keep on feeding the meter.
For you personally: Prepare for tougher data laws.
Facebook’s leaky walls have prompted lawmakers at home and abroad to ponder whether tech companies can be trusted to self-police, or if new regulations are needed – the social media giant was slammed in Britain’s Parliament on Tuesday. More rules might hamstring firms’ future growth, but would put more power into users’ hands – like Europe’s recent “right to erasure”.