The Dutch Data Protection Authority has imposed a €290 million fine on Uber for failing to adequately protect the data of its European drivers.
This penalty arises from Uber’s transfer of driver data to the United States without appropriate safeguards, in breach of the European Union's General Data Protection Regulation (GDPR).
The regulatory body, overseeing Uber's European operations based in the Netherlands, determined that Uber committed a serious GDPR violation.
The authority highlighted that Uber did not ensure compliance with data protection standards during the transfer of data to the U.S.
Uber had collected sensitive information from European drivers, including taxi licenses, location data, photos, payment details, and identification documents. In some instances, this data included criminal and medical records.
The data was transferred to Uber’s headquarters in the U.S. for over two years without secure transfer methods, resulting in inadequate protection of personal information.
Uber has announced plans to appeal the fine, arguing that the decision and the substantial penalty are unjustified.
The company maintains that its cross-border data transfers were compliant with GDPR during the period marked by significant uncertainty between the EU and the US Uber remains confident that the appeal will demonstrate the fairness of its data protection practices.
Follow the latest news on Google News
