EU Justice Commissioner Věra Jourová will on Thursday criticize the ride-sharing giant Uber, calling its handling of a data breach “irresponsible.”
Uber last week revealed a massive data breach that occurred over a year ago but didn’t come to light because the company conspired to keep it hidden. The breach involved the personal information of 57 million Uber users and drivers.
“Uber waited for more than a year to inform the public and its customers about the breach,” Jourová will say at a data protection conference in Brussels.
“The [General Data Protection Regulation] will allow us to respond adequately to such irresponsible behavior,” she will say, according to an advance copy of her speech seen by POLITICO.
The EU’s flagship privacy law, GDPR, takes effect in May and allows regulators to fine companies up to 4 percent of their annual global turnover for mismanaging a data breach.
The commissioner’s criticism is the strongest condemnation of Uber from the EU since it revealed the data breach.
The company has faced a series of problems in Europe, including legal challenges in several countries over how it treats its drivers. Since September, it has been in a legal tussle with London’s transport authorities after facing a ban because it was not “fit and proper” and had shown a “lack of corporate responsibility.”
On Wednesday, European data protection authorities decided to set up a task force to investigate the data breach.
The so-called Article 29 Working Party said on its website it “established a taskforce on the UBER data breach case,” led by the Dutch data protection authority that will include members of the French, Italian, Spanish, Belgian, German and British authorities.