Uber Fined Record €290 Million by Dutch Data Protection Authority
Uber Technologies has been slapped with a record fine of €290 million by the Dutch Data Protection Authority for failing to comply with European data protection standards when transferring sensitive data of its drivers to the United States. The investigation was launched after 170 French drivers complained to a French human rights organization.
The Dutch authority was tasked with the investigation since Uber's European headquarters is located in the Netherlands. According to the authority, Uber collected information on European drivers, including taxi licenses, location data, and in some cases, criminal and medical records, and stored it on servers in the United States.
This fine is the highest ever imposed by the Dutch Data Protection Authority on a company, and it's also the largest fine ever imposed on Uber globally. Notably, this is the third time the Dutch Data Protection Authority has sanctioned Uber. The company was previously fined for lacking transparency on the duration of data storage for European drivers and the countries outside Europe where the data was transmitted. In 2018, it was sanctioned for failing to notify the authority of a data breach in a timely manner.
The ride-hailing service transferred sensitive data to its American headquarters for over two years without using privacy-protecting data transfer tools, which means the data was insufficiently protected under the regulation. Uber plans to appeal, arguing that the data transfer process was compliant with European laws.
