Uber (UBER) has been fined €290m (478m AUD) for sending the personal data it holds for European taxi drivers to the US. The fine was imposed after the Dutch data protection watchdog DPA investigated the case in the Netherlands.
Uber Fined for EU Data Protection Breach
The sending of data outside the European Union (EU) goes against the region’s rules and the ride-hailing company has now stopped doing so. Upon hearing the decision to fine the company, Uber spokesperson Caspar Nixon said that the DPA’s decision was flawed and that the size of the fine was unjustified. Nixon went on to say:
Uber’s cross-border data transfer process was compliant with GDPR during a 3-year period of immense uncertainty between the EU and US.
He pointed out that Uber intends to appeal and expects common sense to prevail.
Information released by the DPA suggests that Uber didn’t take the necessary steps to safeguard the driver information sent from Europe to the US. It called this a serious violation of the General Data Protection Regulation (GDPR).
Don’t miss out the latest news, subscribe to LeapRate’s newsletter
It was noticed by a French human rights organisation that spotted that information for over 170 drivers in France was being sent abroad. The case was brought in the Netherlands where Uber has its European headquarters.
If Uber appeals the ruling but the DPA doesn’t change its decision, the transportation company could take the case to the Dutch courts. The appeal could take up to four years to resolve, with the fine remaining suspended until that process ends.
