Dutch authorities have fined ride-hailing giant Uber €290 million for unlawfully transferring the personal data of European drivers to the United States, breaching EU data protection laws.
The Dutch Data Protection Authority (DPA) issued the substantial fine, revealing that Uber had failed to implement necessary safeguards when transferring this sensitive information, thereby violating the General Data Protection Regulation (GDPR).
The investigation into Uber’s data transfer methods was initiated following a complaint from French taxi drivers. In response, the French data protection regulator, CNIL, worked closely with the Dutch DPA, leading to the discovery of significant shortcomings in Uber’s handling of sensitive driver information. The DPA highlighted that not only did Uber transfer the data, but it also inadequately protected it, constituting a serious infringement of GDPR standards.
While Uber has since halted the disputed cross-border data transfers, the company has expressed strong disagreement with the DPA’s decision. Uber spokesperson Caspar Nixon described the fine as “extraordinary and unjustified,” arguing that the company’s practices were in line with GDPR during a “period of immense uncertainty” between the EU and the U.S. regarding data protection agreements.
Uber intends to appeal the ruling, expressing confidence that it will succeed in overturning the fine. Under the EU’s GDPR, one of the world’s most stringent data protection frameworks, companies must ensure that any data transferred outside the EU is adequately protected—a standard that the DPA determined Uber had not met.
Discover more from NaijaOne
Subscribe to get the latest posts sent to your email.