The Dutch Data Protection Authority (DPA) has fined Uber €290 million for violating the EU’s General Data Protection Regulation (GDPR). This significant penalty stems from Uber’s transfer of European drivers’ data to US servers without proper protection.
The investigation revealed that sensitive information, including ID documents and location data, had been transferred to Uber’s US headquarters for over two years. It compromised drivers’ privacy, prompting a probe by the DPA.
DPA Chairman Aleid Wolfsen emphasized Uber’s failure to meet GDPR requirements. “This is very serious,” he stressed, highlighting the company’s neglect.
A French human rights group filed a complaint for 170 drivers, leading to the fine. The DPA found Uber collected sensitive data without authorization.
Uber plans to appeal, calling the fine “unjustified.” However, the DPA remains firm, emphasizing the need for businesses to handle personal data with care.
It marks the third fine imposed on Uber by the DPA, following penalties in 2018 and last year. The EU is cracking down on big tech firms, with Irish regulators recently fining TikTok €345 million.
Uber’s failure to prioritize data protection has resulted in a substantial fine. It serves as a reminder of the importance of adhering to GDPR. As the EU holds tech giants accountable, companies must proactively ensure user data privacy and security.
