Dutch Data Protection Authority is investigating a possible data breach at Tesla
Last Friday, the Dutch Data Protection Authority (AP) announced that it is currently considering whether there is a need to launch a major investigation into a data breach at American manufacturer of electric cars, Tesla.
Contents
Handelsblatt in possession of 100GB of data
The news followed closely on earlier reports by the German Handelsblatt. The newspaper claims to have received the data from a Tesla employee and immediately threw in the straight leg with the title of the article announcing the data breach. The caption reads: “My autopilot almost killed me!”
If based on truth, the leak indicates that Tesla has received many thousands of complaints about the driver assistance feature that Tesla markets as an autopilot. A name that gives the wrong impression to many people and can therefore count on a lot of criticism. A new California law even wants to prohibit car manufacturers, such as Tesla, from continuing to offer support-only functions as autonomous control. The current leak seems to confirm that Tesla itself is also aware of the dangers of their empty promises. It is not the first time that the company has been in trouble because of Musk’s big mouth.
The complaints indicate that Teslas driving on autopilot braked abruptly at high speeds. Or suddenly accelerated. Many Teslas also apparently find it difficult enough to drive into a parking space without breaking a sweat. It is not yet clear whether any of the complaints in the current leak resulted in fatalities or serious injuries. But if that’s the case, it’s not the first time.
Not just complaints
So far worrying messages, but why is the AP getting involved? That is due to the fact that the leak does not only contain complaints. Also included are many social security numbers, or their foreign equivalents, private e-mail addresses and telephone numbers. Salaries of employees and bank details of customers are also on the street. Because Tesla’s European headquarters is in Amsterdam, the Brandenburg counterpart called in the AP.
In total, the data of more than 100,000 people was leaked, mostly from former and current employees. Even Tesla CEO’s Social Security Number (yes, you may have forgotten it with all the news surrounding Twitter, but somewhere between torpedoing that platform and manipulating crypto rates Musk apparently finds the time to run Tesla) is at street.
Funnily enough, according to reports, it is a former Tesla employee who stole the data and has now revealed the personal information of so many former colleagues.
AP will keep its mouth shut for now
As befits an authority whose main role is to remain private, the AP wants to reveal as little as possible for the time being. “We have been informed and are looking into the matter. That’s all I can say about it,” said a spokesman. All further questions were thus settled.
Usually such an initial phase lasts a number of weeks, after which a final decision is made as to whether further investigation is necessary. Should that be the case and should it be concluded that Tesla has violated the GPDR (General Data Protection Regulation, the European privacy law), there could be major consequences. It is up to Tesla, as the custodian of this personal data, to protect it against unlawful disclosure. The maximum amount of the subsequent fine is 4% of annual sales, which amounts to approximately 3.26 billion euros, according to CNN.
GDPR seen as an example
Whether such a fine will induce Tesla to better protect personal data is open to question. Tesla, and Musk speaking of it, are not averse to a good lawsuit. Especially in America, governments are struggling to get big tech companies to comply with the law. Fines can be huge, yet people like Musk remain enormously wealthy even when their companies suffer losses. You could almost say that fines are seen as a normal part of doing business.
Yet GDPR is not a dog without teeth. The law has only been active since 2018 and is therefore still relatively young. But both in the US and on the other side of the Pacific, people look to GDPR as an example for their own privacy legislation. According to a two-year-old study by the International Center for Strategic Studies, there is already a discernible change in the behavior of large tech companies.
Tesla has had a stormy share price this year, mainly because of the remarkable behavior of foreman Musk. A fine of 300 billion euros is no sinecure even for a company like Tesla. By imposing a percentage fine and no predetermined amounts, companies are punished proportionally and the fine is not a ‘poverty tax’. Although the question remains whether the danger of the fine will get through to Elon.