The Dutch Data Protection Authority (DPA) has imposed a significant fine of €290 million ($324 million) on Uber for violating the General Data Protection Regulation (GDPR). The fine was levied due to Uber’s unauthorized collection and transfer of sensitive data from European drivers to its U.S. headquarters without implementing the necessary safeguards.
Over a period of more than two years, Uber gathered a range of personal data from its drivers, including location information, photographs, payment details, and identity documents. In some cases, the company also collected criminal and medical records. The Dutch DPA, known as Autoriteit Persoonsgegevens, revealed that Uber failed to use proper “transfer tools” when moving this data across borders, resulting in inadequate protections for the affected individuals.
Following the investigation, Uber has ceased the collection and transfer of this data, according to the DPA. However, the ride-sharing giant has expressed strong opposition to the ruling. A spokesperson for Uber described the decision and the substantial fine as “completely unjustified,” arguing that the company’s data transfer processes were compliant with GDPR during a particularly uncertain period for cross-border data exchanges between the EU and the U.S. Uber has announced plans to appeal the fine.
Aleid Wolfsen, chairman of the Dutch DPA, emphasized the gravity of the violation, stating, “In Europe, the GDPR protects the fundamental rights of people by requiring businesses and governments to handle personal data with due care. Unfortunately, this level of care is not always observed outside Europe.” Wolfsen criticized Uber for failing to adhere to GDPR rules, particularly in protecting the data during its transfer, calling the violation “very serious.”
The investigation and subsequent fine were prompted by complaints from more than 170 French drivers, who sought assistance from the French human rights organization Ligue des droits de l’Homme (LDH). The LDH brought the issue to the attention of the French DPA, which collaborated closely with the Dutch authorities in their probe.
Given that Uber’s foreign headquarters are located in the Netherlands, the Dutch DPA was responsible for imposing the fine under GDPR regulations. This is not the first time Uber has faced penalties from the Dutch regulator. In 2018, Uber was fined €600,000 ($670,000), and in 2023, it was fined an additional €10 million ($11.2 million), a penalty that Uber is currently disputing.
This latest fine underscores the importance of compliance with GDPR regulations and highlights the serious consequences for companies that fail to adequately protect personal data.
Sponsored • TRJ Ads
Inquiries: contact@therealistjuggernaut.com
