By SecureWorld News Team
Tue | Nov 27, 2018 | 7:44 AM PST

Talk about timing the market.

Uber got lucky on its settlement amount with EU regulators. 

Maybe you've seen the headlines that Uber settled with the European Union over its 2016 data breach by agreeing to pay the equivalent of just $1.2 million.

This pales in comparison to the $148 million settlement with all 50 U.S. states, which came along with requirements that Uber tighten its cybersecurity.

Why is Uber's EU breach settlement so low?

Maybe you're wondering how Uber got off so cheaply in the EU.

And what happened to those massive fines under Europe's new data and privacy law, GDPR? We kept hearing scary numbers at SecureWorld cybersecurity conferences.

Well, the breach happened before GDPR kicked in. This potentially saved Uber hundreds of millions of dollars in fines.

And get this: Under the previous rules in the UK, Uber was not even required to report the 2016 hack:

“Although there was no legal duty to report data breaches under the old legislation, Uber’s poor data protection practices and subsequent decisions and conduct were likely to have compounded the distress of those affected,” says Steve Eckersley, the director of investigations at the U.K. Information Commissioner’s Office.

So that's why Eckersley's words about Uber seem tougher than the fine.

“This was not only a serious failure of data security on Uber’s part, but a complete disregard for the customers and drivers whose personal information was stolen.”

How much did Uber save on EU breach settlement?

So we know the timing of Uber's breach saved the company money, but how much are we talking about here?

Under GDPR, fines can be up to 4% of a company's global revenue.

In Uber's case, global revenue was north of $6 billion in 2016, which meant maximum fines would be around $240 million. 

This means Uber potentially saved $238.8 million over what could have been.

Talk about timing the market.

Tags: Uber, GDPR, Data Breach