Ride-hailing giant Uber has been fined 290 million euros ($324 million) by Dutch regulators for violating EU privacy rules by transferring personal information of European drivers to servers in the United States. BBC I will report.
The Dutch Data Protection Authority (DPA) said on Monday that Uber’s actions constituted a “serious breach” of the EU’s General Data Protection Regulation (GDPR). It said the company had failed to adequately safeguard driver information when transferring it to its US headquarters over a two-year period. “This is very serious,” DPA chairman Aleid Wolfsen stressed. “Uber has not met the GDPR’s requirements to guarantee a level of data protection for transfers to the US.”
The data transferred reportedly included identity documents, taxi licences, location information, photos, payment details and, in some cases, sensitive information such as the drivers’ criminal records and medical records.
Uber has been fined $324 million for transferring European driver data to the US. The fine is the result of an investigation launched after a French group advocated on behalf of over 170 taxi drivers in the country. Read the full story here: https://t.co/IXpOjBXZlJ pic.twitter.com/8fTclCHaYk
— Reuters Business (@ReutersBiz) August 26, 2024
“Uber’s cross-border data transfer processes have been compliant with GDPR during three years of significant uncertainty between the EU and the US,” an Uber spokesperson said, adding that “this incorrect decision and outlandish fine is completely unjustified.”
The investigation was launched after more than 170 French drivers filed a complaint with a French human rights organisation, which then escalated the matter to the French data protection watchdog. Uber’s European headquarters in the Netherlands referred the matter to the Dutch data protection authority, as required by GDPR.
Wolfsen emphasized the importance of the GDPR in protecting the rights of individuals in Europe: “In Europe, the GDPR protects people’s fundamental rights by requiring companies and governments to handle personal data with care,” he explained.
This is the third fine imposed by the Dutch DPA on Uber, following 600,000 euros ($669,960) in 2018 and 10 million euros ($11 million) last year. The regulator’s measures are in line with the EU’s broader efforts to enforce data protection rules and impose heavy fines on tech companies that violate them.
The EU has tightened its grip on big tech companies in recent years, and Irish regulators last year fined TikTok 345 million euros ($385 million) for violating children’s privacy under GDPR rules.
