The Dutch Data Protection Authority (AP) has issued a 1000 fine to US-based ride-hailing company Uber for failing to fully disclose details of its European drivers’ data retention and for failing to disclose the non-European countries with which it shares data. A fine of 10,000 euros was imposed.
The DPA also found that Uber interferes with drivers’ right to privacy.
“Drivers have a right to know how Uber handles their personal data,” said Associated Press Chairman Alayed Wolfsen. “But Uber did not explain this clearly enough. should have been more diligent in providing information to drivers.”
“Transparency is a fundamental part of protecting personal data. If you don’t know how your personal data is being treated, you won’t know if you’re at a disadvantage or if you’re being treated unfairly. And you can’t protect your rights,” Wolfsen added.
Uber criticism from DPA
DPA found that Uber made it difficult for drivers to access personal data. The access request form is embedded within the app and distributed throughout the menu and could have been placed more logically.
Uber’s response to the request made the organization of personal data unclear and complicated to interpret.
Furthermore, the privacy terms do not specify how long Uber will retain drivers’ personal data or what specific security measures it will take when transmitting this information to entities in countries outside the EEA. . Aleid Wolfsen:
Additionally, Uber did not specify in its privacy terms how long it would retain drivers’ personal data and the security measures it would employ when transmitting this information to entities outside the European Economic Area (EEA).
“This shows that Uber is putting up all sorts of obstacles that prevent drivers from exercising their right to privacy, and that is prohibited,” Wolfsen said. In fact, Uber needs to promote driver rights. This is required by law. ”
Complaints from France
The DPA imposed the fine following complaints from more than 170 French drivers who reported it to French human rights organization Ligue des droits de l’Homme et du citoyen (LDH).
LDH then filed a complaint with the French Data Protection Authority, which forwarded the case to the Dutch Data Protection Authority (DPA), as Uber has its European headquarters in the Netherlands.
DPA calculated the fine by taking into account the size of the organization and the seriousness of the violation. At the time of the violation, approximately 120,000 drivers were working for Uber in Europe.
Although Uber appealed the DPA’s decision, the agency subsequently acknowledged that Uber had taken remedial steps to address the violations.
Overview of the Dutch Data Protection Authority
According to the DPA, every individual has the right to protection of their personal data, which is a fundamental right upheld by the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).
As an independent regulator in the Netherlands, DPA ensures that all organizations comply with privacy laws and protect the privacy rights of individuals.
