It wouldn’t be an exaggeration to say that this week’s news were sponsored by Pavel Durow’s arrest, even though there is so little information regarding his future. Nevertheless, I think it’s an interesting opportunity to follow public debate on that topic. Besides, Uber achieved some kind of the milestone in receiving enormous penalty fee for violating UE General Data Protection Regulation. Also, if you’ve ever wondered what’s worse than death, I’m here to give you one of probably many examples.
Über fee for Uber
Uber has found itself in hot water again, this time courtesy of Dutch and French privacy regulators, who have collectively slapped the ride-sharing giant with a massive €290 million ($324 million) fine. The reason? Uber was caught transferring European drivers’ personal data to the US without providing the necessary safeguards—a serious breach of the EU’s stringent data protection laws.
The Fine: A Record-Breaker
This fine is no small potatoes. It represents a maximum of 4% of Uber’s global annual turnover, which was around €34.5 billion in 2023. According to Bloomberg, this is the largest fine ever handed down by the Dutch Data Protection Authority (DPA). Uber, of course, is planning to fight back and has already indicated its intent to object to the fine. But given their past missteps, regulators may not be feeling too generous.
What Did Uber Do Wrong?
So, what exactly did Uber do to warrant such a hefty penalty? The DPA, in collaboration with the French data protection agency CNIL, discovered that Uber had been collecting sensitive information from European drivers and transferring it to the US without proper protection. We’re not just talking about basic info here—the data included account details, licenses, location data, photos, payment information, identity documents, and even, in some cases, criminal and medical records. According to European law, companies can only transfer such data if they guarantee an equivalent level of protection, which Uber apparently failed to do.
A History of Data Blunders
This isn’t the first time Uber has found itself in the crosshairs of data protection authorities. Back in December 2023, the DPA fined Uber €10 million for failing to provide accessible information to drivers and other data protection breaches, including inadequate online forms and incomplete privacy statements. And let’s not forget the €600,000 fine in 2018 after a cybersecurity incident compromised the personal data of 57 million Uber users worldwide.
GDPR: A Shield for European Privacy
The General Data Protection Regulation (GDPR) is designed to protect the fundamental rights of individuals in Europe by ensuring that their personal data is handled with care. But as Dutch DPA chairman Aleid Wolfsen pointed out, these protections aren’t always respected outside of Europe. He emphasized the importance of holding companies accountable, especially when governments outside the EU might not offer the same level of data protection.
What’s Next for Uber?
With this latest fine, Uber’s data protection practices are once again under scrutiny. As the company gears up to challenge the penalty, it might want to consider tightening up its data handling procedures. After all, with regulators watching their every move, another misstep could lead to even more costly consequences.
Source:
What’s worse than death?
In a plot straight out of a crime novel, 39-year-old Jesse Kipf from Somerset, Kentucky, has been sentenced to 81 months in prison for a series of cybercrimes, including hacking into state death registry systems to fake his own death. Kipf’s goal? To avoid paying child support.
The Great (But Failed) Escape
Kipf’s cyber escapades included breaking into the Hawaii Death Registry System in January 2023. Using the stolen credentials of a physician from another state, Kipf created a bogus death certificate for himself. He even went as far as digitally signing the certificate as the “medical certifier,” effectively registering himself as deceased in multiple government databases. But this wasn’t just a one-time stunt—Kipf also infiltrated other states’ death registries and private business networks, trying to sell access to these systems on the dark web.
Caught in the Net
Unfortunately for Kipf, his cyber-death didn’t go unnoticed. The FBI and other law enforcement agencies quickly caught on to his schemes. U.S. Attorney Carlton S. Shier IV described Kipf’s actions as “cynical and destructive,” emphasizing that his attempt to dodge child support was both “inexcusable” and criminal. Special Agent Michael E. Stansbury of the FBI’s Louisville Field Office underscored the lifelong impact of identity theft on victims, vowing to pursue those who engage in such “cowardly behavior.”
A Heavy Price to Pay
Kipf’s sentence includes 81 months in federal prison, where he’ll have to serve at least 85% of his time. Upon release, he’ll be under supervision for an additional three years. The total damage from his escapades—including unpaid child support and damage to government and corporate systems—amounted to nearly $196,000.
Kipf’s case serves as a stark reminder that while faking your own death might sound like a clever way to escape your problems, the consequences are very real—and very serious.
Source:
Pavel Durov - under fire
Pavel Durov, the founder and CEO of Telegram, is in hot water in France. After spending four days in police custody, he was formally placed under investigation on Thursday for a slew of serious criminal charges, including allegations of facilitating the distribution of child sexual abuse material (CSAM), enabling drug trafficking, and organized fraud.
The Arrest and Charges
Durov’s troubles began on August 24, when he was arrested after landing at Le Bourget Airport near Paris. The charges against him are serious: he’s accused of running a company complicit in storing and distributing CSAM, as well as facilitating drug trafficking and other illegal activities through Telegram. The Paris criminal court has also scrutinized Telegram’s cryptographic features, potentially tying them to money laundering activities.
Paris prosecutor Laure Beccuau confirmed the charges, noting that the investigation is moving forward. In the French legal system, being placed under formal investigation doesn’t automatically mean a trial will occur, but it does indicate that authorities have substantial grounds to continue probing.
A Broader Investigation
What started as a probe into CSAM quickly snowballed into a more extensive investigation into Telegram’s overall operations. The Paris court, backed by various French and European authorities, accused Telegram of failing to respond to judicial requests and turning a blind eye to illegal activities on its platform. Despite having 950 million monthly users, Telegram has minimal content moderation, which French authorities argue has enabled the platform to become a hub for criminal activities.
Durov’s legal team is pushing back, with his lawyer, David-Olivier Kaminski, calling it “absurd” to hold Durov responsible for crimes committed by others using the platform. However, this defense doesn’t address why Telegram allegedly ignored law enforcement requests, which seems to have escalated the investigation.
The Financial Angle: Money Laundering
In addition to the other charges, Durov is also under investigation for money laundering, potentially linked to Telegram’s cryptocurrency features. Telegram users can exchange a digital currency called Stars, which can be converted into Toncoin—a cryptocurrency associated with the platform. Authorities suspect that these features may not comply with “know your customer” (KYC) regulations, potentially facilitating illegal financial transactions.
What’s Next?
As the investigation continues, Durov is required to stay in France, with bail set at €5 million. He must also check in at a police station twice a week. Given the complexity and scope of the charges, the investigation is expected to last several months, if not longer. Whether Durov’s defense will hold up in court remains to be seen, but the case has already put a spotlight on Telegram’s role in moderating—or failing to moderate—its vast online community.
Sources: