News
Uber Fined 290 Million Euros For Transferring Personal Data Of Europeans To The US
Uber has been fined 290 million euros for transferring the personal data of European drivers to servers in the US, in violation of EU rules, the Dutch data protection regulator said on Monday.
The Dutch Data Protection Authority (DPA) said the transfers were a “serious breach” of the EU’s General Data Protection Regulation (GDPR) because they did not adequately protect driver information.
According to the controller, information including personal documents, taxi licenses and location data was transferred to the company’s US headquarters over two years. Uber said it would appeal the fine, which it called “unjustified.”
“Uber’s cross-border data transfer process has been GDPR compliant during three years of enormous uncertainty between the EU and the US,” an Uber spokesperson said.
“This wrong decision and the fine are completely unjustified,” the statement added, reports the BBC.
Although the transfer of data to the US is permitted under EU law, there is considerable uncertainty as to when this can occur without the need for further approval.
Collection of sensitive information
DPA chairman Aleid Wolfsen said the company failed to meet the GDPR’s requirements to “ensure the level of data protection concerning transfers to the US”.
“It’s very serious,” he added, noting that Uber also failed to adequately protect data.
The DPA said Uber collected sensitive information about European drivers, including taxi licences, location data, photographs, payment details and personal documents, “and in some cases even the drivers’ criminal and medical details”.
The investigation was launched after more than 170 French drivers complained to a French human rights group, which then filed a complaint with the French data protection authority.
GDPR rules
According to GDPR rules, a company that processes data in several EU countries must contact the data protection authority where its main office is located. Uber’s European headquarters is in the Netherlands.
“In Europe, the GDPR protects people’s fundamental rights, requiring businesses and governments to treat personal data with due care. Businesses are usually required to take additional measures if they store the personal data of Europeans outside the European Union,” Wolfsen said.
It is the third fine of the DPA against Uber after fines of 600,000 euros in 2018 and 10 million euros last year.
The EU has introduced a series of rules for big tech firms and imposed huge fines for violations in recent years. Last year, Irish regulators fined TikTok 345 million euros for violating children’s privacy under GDPR rules.
-
Read More: Uber Partners With China’s BYD To Deploy 100,000 Electric Vehicles To Ride-hailing Platform Globally