GDPR

European Regulators Fine Uber Over 2016 Data Breach

• British and Dutch privacy regulators issued fines totaling approximately $1.2 million against ride-hailing company Uber over its 2016 data breach.

• According to the U.K.’s Information Commissioner’s Office, “a series of avoidable data security flaws” led to the exposure of personal information of approximately 2.7 million British Uber users, prompting a fine of £385,000.

• Similarly, the Dutch Data Protection Authority (DPA) fined the company €600,000 for the breach, predominantly for not reporting the breach to the DPA and data subjects within 72 hours.

Europe

Serbia Enacts New Data Protection Law

  • While its admission to the EU is pending, Serbia recently enacted its own GDPR-like data protection law, which goes into effect on August 21, 2019.
  • The new Serbian law applies to data controllers and processers both inside and outside Serbia that process the personal data of Serbs. Also like the GDPR, the law will require notification to the Serbian DPA within 72 hours of a breach and to affected individuals if the breach is likely to result in a high risk to their rights and freedoms.
  • Unlike under the GDPR, however, penalties are capped at €17,000.

U.S. Senate

Senators Grill FTC About Privacy Enforcement

  • In a hearing before the U.S. Senate’s Subcommittee on Consumer Protection, Product Safety, Insurance and Data Security, all five Federal Trade Commission (FTC) commissioners faced questions about the agency’s privacy enforcement.
  • Senators, including subcommittee chair Jerry Moran (R-Kan.), suggested that the passage of the GDPR and California’s Consumer Privacy Act demonstrates the need for enhanced federal privacy legislation. The Commissioners agreed with this sentiment, noting that Section 5 of the FTC Act is an imperfect tool to enforce privacy rights.
  • According to FTC Chairman Joseph Simons, the Commission is “hopeful that Congress can craft legislation that would more seamlessly balance consumers’ legitimate concerns regarding collection, use and sharing of their data, while providing the flexibility to foster competition and innovation to the benefit of consumers.”