Netherlands Slaps Uber With $324 Million Fine For Data Breach

The Dutch Data Protection Authority (DPA) has fined Uber 290 million eurosโ€”around $324 millionโ€”for allegedly transferring the personal data of European taxi drivers to the United States (U.S.) and failing to safeguard the data regarding these transfers appropriately.

According to the Dutch DPA, these transfers were a โ€œserious violationโ€ of the European Unionโ€™s General Data Protection Regulation (GDPR). However, the DPA added that Uber ended the violation last year.

“In Europe, the GDPR protects the fundamental rights of people, by requiring businesses and governments to handle personal data with due care,” said Aleid Wolfsen, Dutch Data Protection Authority (DPA) chairman, in a statement.

The Dutch data watchdog said Uber collected sensitive information about drivers from Europe, including account details and taxi licenses, location data, photos, payment details, identity documents, and, in some cases, even criminal and medical data.

Further, the taxi-riding company transferred those data to Uber’s headquarters in the U.S. for over two years without using transfer tools because the protection of the data was insufficient.

The DPA initiated the investigation into Uber after more than 170 French drivers complained to the French human rights interest group Ligue des droits de lโ€™Homme (LDH), which then submitted the complaint to the French DPA. Since Uberโ€™s European headquarters is in the Netherlands, the Dutch DPA had to lead the investigation.

To calculate the fines for businesses in Europe, the DPAs charge a maximum of 4% of the business’s worldwide annual turnover. In 2023, Uber had a worldwide turnover of around 34.5 billion euros.

Uber said it planned to appeal the ruling and object to the fine.

โ€œThis flawed decision and extraordinary fine are completely unjustified. Uberโ€™s cross-border data transfer process was compliant with GDPR during a 3-year period of immense uncertainty between the EU and US. We will appeal and remain confident that common sense will prevail,โ€ an Uber spokesperson said in a statement.

This is the third penalty the Dutch DPA has imposed on Uber. In 2018, it finedย Uber 600,000 eurosย for not reporting the data breach to the Dutch DPA and the data subjects in time. Further, in 2023, it was fined โ‚ฌ10 million for failing to disclose the complete details of its retention periods for data concerning European drivers or to which countries outside Europe this data was forwarded.

Kavita Iyer
Kavita Iyerhttps://www.techworm.net
An individual, optimist, homemaker, foodie, a die hard cricket fan and most importantly one who believes in Being Human!!!
spot_img

Read More

Suggested Post