Thought Leadership
The competent authority imposes a fine in the millions because the US transport service provider is alleged to have violated European data regulations when transferring personal data. But the dispute continues.
The Dutch Data Protection Authority has imposed a fine of 290 million euros on Uber because the US driver service provider is alleged to have inadequately protected data from European drivers when transferring it to its headquarters. According to the data protection authority in The Hague, the data stored on servers in the USA included proof of identity and payment details, but sometimes also criminal and medical data of the drivers. Uber has since remedied the infringement, which lasted around two years. The ride-hailing company has announced that it will appeal against the fine.
“This flawed decision and the extraordinary fine are completely unjustified,” said an Uber spokeswoman. Uber’s cross-border data transfer had been compliant with data protection rules during a three-year period of great uncertainty between the EU and the US. “We will appeal and are confident that common sense will prevail.”
The data protection authority launched an investigation into Uber following a complaint from more than 170 French drivers. This complaint initially ended up with the French data protection authority. However, because Uber’s European headquarters are located in the Netherlands, the data protection authority there dealt with the case.
Uber’s data transfer between August 2021 and November 2023 was criticized. This was a period in which the data protection agreement between the EU and the USA was suspended due to European court rulings.
dpa
