The ride-hailing giant Uber has been slapped with a €290 million ($324 million) fine by Dutch regulators for transferring European drivers' personal data to US servers, violating EU privacy rules, the BBC reports.
The Dutch Data Protection Authority (DPA) announced on Monday that Uber's actions constituted a "serious violation" of the EU's General Data Protection Regulation (GDPR). According to the watchdog, the company failed to adequately protect driver information when transferring it to its US headquarters over a two-year period. DPA chairman Aleid Wolfsen emphasized, "That is very serious. Uber failed to meet GDPR requirements to ensure the level of protection to the data with regard to transfers to the US."
The transferred data reportedly included sensitive information such as ID documents, taxi licenses, location data, photos, payment details, and in some cases, even criminal and medical records of drivers.
Uber has been fined $324 million for transferring European drivers' data to the US. The fine followed an investigation triggered after a French organization advocated on behalf of over 170 taxi drivers in the country. Read the full story here: https://t.co/IXpOjBXZlJ pic.twitter.com/8fTclCHaYk
— Reuters Business (@ReutersBiz) August 26, 2024
"Uber's cross-border data transfer process was compliant with GDPR during a 3-year period of immense uncertainty between the EU and US," an Uber spokesperson said. "This flawed decision and extraordinary fine are completely unjustified," they added.
The investigation was initiated after more than 170 French drivers filed complaints with a French human rights group, which then escalated the issue to France's data protection watchdog. Under GDPR rules, Uber's European headquarters in the Netherlands made the Dutch DPA responsible for handling the case.
Wolfsen emphasized the importance of GDPR in protecting individuals' rights in Europe. "In Europe, the GDPR protects the fundamental rights of people, by requiring businesses and governments to handle personal data with due care," he explained.
This marks the third fine imposed on Uber by the Dutch DPA, following penalties of €600,000 ($669,960) in 2018 and €10 million ($11 million) last year. The regulators' action aligns with the EU's broader efforts to enforce data protection rules and impose significant fines on tech companies for violations.
The EU has been ramping up its regulatory efforts against big tech firms in recent years, with Irish regulators fining TikTok €345 million ($385 million) last year for violating children's privacy under GDPR rules.
