A whistleblower leaked a massive trove of data about the electric carmaker Tesla to the German publication Handelsblatt.
The leak included thousands of customer complaints about Tesla, particularly the company’s full self driving (FSD) system, the car’s autopilot. “The Tesla files contain thousands of reports about complications with the driver assistance systems, complaints of Tesla vehicles suddenly braking at full speed, or accelerating suddenly,” Sebastian Matthes, the outlet’s editor-in-chief, wrote in an editor’s note on May 25 about what he’s calling the Tesla Files. (His statement has been translated and lightly edited for clarity.)
While this is a public relations nightmare for Tesla, it could also present serious legal problems. The data leaked included customer bank details, the salaries of 100,000 Tesla employees, and information about Tesla CEO Elon Musk’s personal vehicle and even his social security number, the German outlet wrote.
The Dutch Data Protection Authority is already investigating. Tesla’s European headquarters is in Amsterdam. “We are aware of the Handelsblatt story and we are looking into it,” an agency spokesperson told Reuters.
A potentially record-setting GDPR fine
The EU’s sweeping privacy law, the General Data Protection Regulation (GDPR), allows EU countries to fine companies up to 4% of annual revenue for infringement.
For Tesla, which brought in $81.5 billion in revenue in 2022 according to its end-of-year earnings report (pdf), that could amount to a $3.3 billion fine.
That would be the largest GDPR fine since the data privacy law went into effect in 2018, surpassing the recent fine leveled against Meta. The Facebook parent company was fined $1.3 billion by Ireland’s Data Protection Commission on May 22 over illegal data transfers of Facebook user data between the EU and US.
A Tesla fine under GDPR could blow that figure out of the water.