The Dutch Data Protection Authority (DPA) fined Uber a record €290 million ($324 million) for allegedly violating EU data protection laws while sending private driver information to the US.
Uber was fined a record €290 million ($324 million) by the Dutch Data Protection Authority (DPA) for allegedly breaking EU data protection regulations while transferring private driver information to the United States.
“The Dutch DPA found that Uber transferred personal data of European taxi drivers to the United States (U.S.) and failed to appropriately safeguard the data with regard to these transfers,” according to the agency.
According to the data protection watchdog, the action violates the General Data Protection Regulation (GDPR) in a “serious” way. The food delivery, courier, and ride-hailing services have stopped the practice in response.
Uber is thought to have gathered sensitive driver data and stored it on servers located in the United States for more than two years. This contained identification documents, photographs, location data, account information, taxi licenses, and payment information. In certain instances, it included the drivers’ criminal and health histories.
Uber was charged by the DPA for transferring data without using the proper procedures, particularly in light of the EU’s 2020 invalidation of the EU-US Privacy Shield. In July 2023, the E.U.-U.S. Data Privacy Framework—a replacement—was unveiled.
“Because Uber no longer used Standard Contractual Clauses from August 2021, the data of drivers from the E.U. were insufficiently protected, according to the Dutch DPA,” claimed the agency. “Since the end of last year, Uber has used the successor to the Privacy Shield.”
Uber stated that the fine is “completely unjustified” and that it plans to challenge the ruling in a statement that was shared with Bloomberg. It went on to say that the procedure for transferring data across borders complied with GDPR.
Uber was hit with a €10 million fine by the DPA earlier this year for not disclosing all of the information on the durations for which it keeps data on drivers in Europe as well as the non-European nations with which it exchanges that data.
“Uber had made it unnecessarily complicated for drivers to submit requests to view or receive copies of their personal data,” the DPA wrote in January 2024.
“In addition, they did not specify in their privacy terms and conditions how long Uber retains its drivers’ personal data or which specific security measures it takes when sending this information to entities in countries outside the [European Economic Area].”
The lack of comparable privacy protections in the United States with regard to data transfers within the European Union has put American corporations under scrutiny from data protection authorities in the past, creating fears that user data from users in Europe may be exposed to American surveillance operations.
In 2022, officials from Austria and France declared that the transnational transfer of Google Analytics data violated GDPR regulations.
Aleid Wolfsen, chairman of the DPA, stated, “Consider governments that can tap data on a large scale.” “That is why businesses are usually obliged to take additional measures if they store the personal data of Europeans outside the European Union.”
Do Follow: CIO News LinkedIn Account | CIO News Facebook | CIO News Youtube | CIO News Twitter
About us:
CIO News is the premier platform dedicated to delivering the latest news, updates, and insights from the CIO industry. As a trusted source in the technology and IT sector, we provide a comprehensive resource for executives and professionals seeking to stay informed and ahead of the curve. With a focus on cutting-edge developments and trends, CIO News serves as your go-to destination for staying abreast of the rapidly evolving landscape of technology and IT. Founded in June 2020, CIO News has rapidly evolved with ambitious growth plans to expand globally, targeting markets in the Middle East & Africa, ASEAN, USA, and the UK.
CIO News is a proprietary of Mercadeo Multiventures Pvt Ltd.
