The Netherlands has imposed a $324m fine on Uber for violations related to data transfer
On Monday, the Dutch Data Protection Authority announced a €290 million fine, approximately $324 million, against Uber for transferring European drivers’ personal data to U.S. servers. The regulator deemed these transfers a “serious violation” of the European Union’s General Data Protection Regulation (GDPR), citing inadequate protection of driver information.
Aleid Wolfsen, Chairman of the Dutch Data Protection Authority, stated, “Uber failed to meet GDPR requirements for ensuring adequate protection of data during transfers to the U.S., which is very serious.”
The DPA reported that Uber collected sensitive European driver information, including taxi licenses, location data, photos, payment details, identity documents, and, in some cases, criminal and medical records. Over a period of two years, this data was transferred to Uber’s U.S. headquarters without using the necessary transfer tools, compromising data protection.
Uber announced it would appeal the fine, with a spokesperson stating, “This flawed decision and the extraordinary fine are completely unjustified. Uber’s cross-border data transfer process was GDPR-compliant during three years of uncertainty between the EU and the U.S. We will appeal and remain confident that common sense will prevail.”