Search Here

The Dutch Data Protection Authority has fined the ride-hailing company. Uber, $324 million dollars for violating European Union rules on the protection of personal data.

As detailed by BBC, the fine was issued over the transfer of personal data related to European drivers to its servers in the United States, thus entailing a serious violation of the EU's General Data Protection Regulation.

The fine is among the largest ever handed down for violations of data protection laws in the EU.

Uber's Personal Data Violation

Forbes also reported that a DPA investigation showed that Uber had transferred sensitive information, especially drivers' identification documents and taxi licenses, as well as location information from drivers in Europe, to its United State-based bank within two years.

It faulted Uber for not informing the existence or strengthening safeguards on this data because it is a high priority under GDPR.

Aleid Wolfsen, chairman of the DPA, described the infringement as serious, noting that Uber has not met the standards expected from it for the transfer of data to the US.

In response to the fine, Security Week shared that Uber has announced its intention to appeal, calling the decision "unjustified." The company's spokesperson argued that its data transfer practices were compliant with GDPR regulations during a complex period of regulatory uncertainty between the EU and the U.S. Uber contends that the fine is disproportionate and disputes the DPA's findings.

The GDPR clarified that it allows data transfers to the U.S., but these transfers must meet specific conditions to ensure the protection of personal data.

This is not the first time Uber has faced scrutiny from the DPA. Previously, Reuters noted that the company was fined €600,000 ($508,000) in 2018 and €10 million ($8.5 million) last year for other data protection breaches.

Tags

Uber