Big fines aren’t the big deal

Uber decided to double-down in its race to the moral bottom. Not content with spying on customers, misleading regulators, employing sex-pests and generally having a toxic corporate culture, the taxi-subsidy service tried to conceal a hack that breached the personal details of more than 57m people, including drivers as well as riders.

Much is being made in the press of how big the fine for the breach could have been, if only it had happened after the 25th of May 2018, GDPR day. Up to 4% of global turnover, or €20m, whichever is the larger. Woo. They’ll probably get a substantial fine in the US anyway, since breach disclosure is already a legal requirement across the pond. Double-woo. They’ve just raised $10bn from Softbank. They don’t care.

Tell you what, though. After May next year, the ICO could make them care. It’s a Michael Caine moment: not a lot of people know this. Article 58, paragraph 2, section f. Oh yes. The regulator’s powers include the ability to “impose a temporary or definitive limitation, including a ban on processing.

In other words, if you don’t comply, the ICO can shut you down. That should get anyone’s attention.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s