The American company Uber Technologies was fined €290 million in the Netherlands. The local regulator, the Data Protection Authority (DPA), has imposed a huge fine for transferring data from European taxi companies to the United States without proper data protection.
The investigation into the case stemmed from a complaint filed in France, but was handled in the Netherlands because Uber has its European headquarters there. As a result, it was found that Uber violated the EU General Data Protection Regulation (GDPR) by transferring and storing information about European taxi drivers on servers in the United States for more than two years. We are talking about a variety of confidential information, including Uber driver accounts, taxi licenses, location data, photographs, payment details, identification documents, etc.
«In Europe, GDPR protects people’s fundamental rights by requiring businesses and governments to handle personal data with due care. Uber failed to comply with GDPR requirements to ensure a level of data protection when transferred to the US. This is very serious,” said DPA Chairman Aleid Wolfsen.
Note that the DPA has already fined Uber twice. The first fine of €600,000 was imposed in 2018 after the company failed to report a data breach that occurred two years earlier. In 2023, Uber was fined €10 million for failing to fully detail the retention periods of data on European taxi drivers. The current fine has become the largest, but Uber is going to appeal it.