pdpc_decisions_version_detail (view)
2 rows where "date" is on date 2019-06-11 and title = "Breach of Protection Obligation by GrabCar"
This data as json, CSV (advanced)
Suggested facets: _commit_at (date), date (date), timestamp (date), tags (array), _changed_columns (array)
| _commit_at | _commit_hash | _id | _item | _version | _commit | description | tags | date | pdf-url | nature | title | url | timestamp | pdf-content | decision | _item_full_hash | _changed_columns |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2023-10-01T11:02:10+08:00 | fbd32491db44d3d0c97aa12a99cefd61ec954264 | 156 | 156 | 1 | 952 | A financial penalty of $16,000 was imposed on GrabCar for failing to put in place reasonable security arrangements to protect the personal data of its customers from unauthorised disclosure. Personal data of a customer was disclosed to one other customer via an email sent out by GrabCar. | [
"Protection",
"Financial Penalty",
"Transport and Storage",
"PHV",
"Private Hire Vehicle"
] |
2019-06-11 | https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/Grounds-of-Decision--Grabcar-Pte-Ltd-Emails--110619.pdf | Protection | Breach of Protection Obligation by GrabCar | https://www.pdpc.gov.sg/all-commissions-decisions/2019/06/breach-of-protection-obligation-by-grabcar-financial-penalty | 2019-06-11 | GrabCar Pte. Ltd [2019] SGPDPC 15 COMMISSIONER FOR PERSONAL DATA PROTECTION [2019] SGPDPC 15 Case No DP-1801-B1526 In the matter of an investigation under section 50(1) of the Personal Data Protection Act 2012 And (1) GrabCar Pte. Ltd. (UEN No. 201427085E) … Organisation DECISION 1 GrabCar Pte. Ltd [2019] SGPDPC 15 GrabCar Pte. Ltd. Tan Kiat How, Commissioner — Case No DP-1801-B1526 11 June 2019 1 This case concerns the unauthorised disclosure of the names and mobile phone numbers of 120,747 GrabCar Pte. Ltd. (the “Organisation”) customers in marketing emails sent out by the Organisation (the “Incident”). On 5 January 2018, GrabTaxi Holdings Pte. Ltd., a related corporation of the Organisation, 1 notified the Personal Data Protection Commission of the Incident on behalf of the Organisation. The Commissioner’s findings and grounds of decision based on the investigations carried out in this matter are set out below. Material Facts 2 The Organisation is part of the Grab Group, which offers, among other things, ride- hailing transport services, food delivery and payment services on its mobile platform. As part of its marketing strategy, the Organisation regularly conducts marketing campaigns to reach out to targeted customers. These frequently involves sending emails offering special promotions to selected customers. 3 On 17 December 2017, the Organisation sent out 399,751 marketing emails to a targeted group of customers as part of a marketing campaign (“Marketing Campaign”). Out of the emails sent on that date, 120,747 emails contained the name and mobile phone number2 of another customer, i.e. the email was sent to User A’s (the intended recipient) email address but User B’s (the mismatched customer) name and mobile phone number was reflected in the email as that of the intended recipient (the “Mismatched Emails”). 4 Shortly after the Mismatched Emails were sent out, the Organisation’s Customer Experience team reported an increased number of customer queries regarding the unauthorised disclosu… | Financial Penalty | 7e78075cc7309a399647c800c3e751c80479ea85 | [
"pdf-content",
"timestamp",
"decision",
"pdf-url",
"tags",
"nature",
"url",
"title",
"date",
"description"
] |
| 2023-10-01T11:02:10+08:00 | fbd32491db44d3d0c97aa12a99cefd61ec954264 | 157 | 157 | 1 | 952 | Directions were issued to GrabCar for failing to put in place reasonable security arrangements for GrabHitch drivers to protect the personal data of passengers that used GrabHitch services. Personal data of some GrabHitch passengers were disclosed by GrabHitch drivers without consent on social media. | [
"Protection",
"Directions",
"Transport and Storage",
"PHV",
"Private Hire Vehicle"
] |
2019-06-11 | https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Commissions-Decisions/Grounds-of-Decision--Grabcar-Pte-Ltd-GrabHitch--110619.pdf | Protection | Breach of Protection Obligation by GrabCar | https://www.pdpc.gov.sg/all-commissions-decisions/2019/06/breach-of-protection-obligation-by-grabcar-directions | 2019-06-11 | PERSONAL DATA PROTECTION COMMISSION [2019] SGPDPC 14 Case Nos DP-1702-B0508/DP-1703-B0613 In the matter of an investigation under section 50(1) of the Personal Data Protection Act 2012 And Grabcar Pte. Ltd. [UEN 201427085E] … Organisation ________________________________________________________ DECISION ________________________________________________________ Grabcar Pte. Ltd. [2019] SGPDPC 14 Grabcar Pte. Ltd. [2019] SGPDPC 14 Yeong Zee Kin, Deputy Commissioner – Case Nos DP-1702-B0508/DP-1703B0613 11 June 2019 Introduction and facts of the cases 1 This decision addresses, in the main, the obligations of an online ride- sharing platform and drivers who use the platform to provide carpool rides to passengers. Grabcar Pte Ltd (the “Organisation”) operates an online platform through the Grab mobile application (the “Grab App”) which enables individuals to book taxis or private cars for transportation services. The Grab App also provides a carpooling option, referred to in the app as “GrabHitch”. GrabHitch matches a passenger with a driver who is willing to give a lift to the passenger on the way to the driver’s destination in return for a fee. The Organisation states on its website,1 “GrabHitch is a social carpooling platform powered by everyday, non-commercial drivers giving you a lift along the way to cover petrol costs.”2 2 This decision relates to separate complaints by two passengers (the “Complainants”) who used GrabHitch to book carpool rides. The carpool rides were provided by two different drivers (the “Drivers”) on separate occasions. 1 www.grab.com/sg/hitch/ The Organisation’s website also states that GrabHitch is provided in compliance with the Road Traffic (Car Pools) (Exemption) Order 2015. 2 2 Grabcar Pte. Ltd. [2019] SGPDPC 14 Nevertheless, the two complaints are dealt with together in this decision as they both relate to similar issues, in particular, to the issue of disclosure of passengers’ personal data without consent by GrabHitch drivers. 3 The substance of each compla… | Directions | b13cfd3e762e67fa7f3823843de7d5cae693b203 | [
"pdf-content",
"timestamp",
"decision",
"pdf-url",
"tags",
"nature",
"url",
"title",
"date",
"description"
] |
Advanced export
JSON shape: default, array, newline-delimited
CREATE VIEW pdpc_decisions_version_detail AS select
commits.commit_at as _commit_at,
commits.hash as _commit_hash,
pdpc_decisions_version.*,
(
select json_group_array(name) from columns
where id in (
select column from pdpc_decisions_changed
where item_version = pdpc_decisions_version._id
)
) as _changed_columns
from pdpc_decisions_version
join commits on commits.id = pdpc_decisions_version._commit;