Dutch Data Watchdog Slaps Uber With $324 Million Fine Over Personal Data Sending in the US

But Uber strongly contested the fine.

Ride-hailing giant Uber has been slapped with a substantial fine by the Netherlands' privacy watchdog for violating the European Union's General Data Protection Regulation (GDPR).

The penalty, amounting to €290 million or $324 million in US dollars, is one of the largest imposed on a tech company since the GDPR came into effect.

As Uber continues to roll downhill because of its financial struggles, it needs to figure out a solution how to come out of this new loophole.

Data Transfer Violations Done by Uber

Dutch Data Watchdog Slaps Uber With $324 Million Fine Over Personal Data Sending in the US
Uber has been accused of breaching the EU's data protection regulation. The ride-hailing platform allegedly transfers the personal data of drivers outside the EU. Erik Mclean from Unsplash

According to Reuters, the fine stems from Uber's transfer of drivers' personal data from the EU to the US. The GDPR imposes strict regulations on the transfer of personal data outside the EU, particularly to countries with less stringent privacy protections.

GDPR Penalties and Compliance

The GDPR allows for fines of up to 4% of a company's global annual turnover for non-compliance. While Uber's fine falls short of this maximum, it remains a significant amount, reflecting the seriousness of the data breaches.

Investigation and Complaints

The Dutch regulator, the Autoriteit Persoonsgegevens (AP), initiated an investigation into Uber's data practices following complaints from over 170 drivers in France. The complaints alleged that Uber had failed to adequately protect drivers' personal data during transfers to the US.

"In Europe, the GDPR protects the fundamental rights of people, by requiring businesses and governments to handle personal data with due care. But sadly, this is not self-evident outside Europe," Dutch DPA chairman Aleid Wolfsen wrote in a statement.

Wolfsen also noted that businesses should be obliged to be serious about storing the personal data of European drivers outside the region. He added that the app did not meet GDPR's requirements to ensure data protection level regarding US transfers.

Uber's Previous Fines and the GDPR

Uber has faced previous GDPR fines, including a €10 million penalty earlier this year. However, the recent €290 million fine is a significant escalation, placing Uber among the tech giants with the largest GDPR penalties.

Data Safeguarding and US Surveillance

The AP determined that Uber had failed to "appropriately safeguard" data transferred outside the EU.

According to TechCrunch, the breach is related to US national security intelligence agency surveillance programs, which have been found to pose a risk to EU citizens' privacy rights.

The EU-US Data Transfer Dilemma

The clash between EU privacy protections and US surveillance practices has created a challenging environment for US tech giants operating in Europe. The GDPR requires companies to implement additional measures to protect data transferred outside the EU, but this can be difficult when dealing with US authorities.

Uber Claims Compliance With GDPR's Standards

Uber has strongly contested the fine, claiming that its data transfer processes were compliant with the GDPR. The company has vowed to appeal the decision and argues that the legal landscape surrounding data transfers has evolved over time.

Joseph Henry
Tech Times
ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics