Uber, the popular ride-hailing app, has recently been fined €290m (£246m; $324m) by the Dutch data protection regulator.
The penalty is based on Uber's unlawful transfer of personal data belonging to European drivers to servers in the United States, which goes against EU regulations. This development was announced on Monday, highlighting the seriousness of the violation.
The Dutch Data Protection Authority (DPA) has expressed concern over the transfers, stating that they constitute a significant breach of the EU's General Data Protection Regulation (GDPR) due to inadequate protection of driver information.
According to the watchdog's findings, a significant amount of data, such as ID documents, taxi licenses, and location data, was reportedly transmitted to the company's headquarters in the United States over two years.
Uber has announced its intention to appeal the fine, claiming it to be "unjustified".
An Uber spokesperson stated that Uber's cross-border data transfer process complied with GDPR for three years, marked by significant uncertainty between the EU and the US.
The statement strongly criticized the decision and expressed disbelief at the size of the fine, deeming both to be without merit.
There is considerable uncertainty surrounding the circumstances under which data transfers to the US can take place without requiring additional authorization despite being permitted by EU law.
The DPA chairman, Aleid Wolfsen, stated that the company did not fulfil the necessary GDPR requirements to guarantee the appropriate level of data protection when transferring data to the US.
"This is a matter of great concern," he remarked, highlighting Uber's failure to protect the data adequately.
According to the DPA, Uber has been accused of gathering sensitive information from European drivers. This includes taxi licenses, location data, photos, payment details, identity documents, and, in certain instances, even drivers' criminal and medical data.
An investigation was initiated in response to over 170 French drivers' complaints to a human rights group, which subsequently complained to France's data protection watchdog.
According to GDPR, businesses that handle data across multiple EU countries must work with the data protection authority in the country where their main office is situated. Uber's European headquarters is in the Netherlands.
"The GDPR in Europe ensures the protection of individuals' fundamental rights by mandating that businesses and governments handle personal data responsibly," stated Mr Wolfsen.
"Governments with the ability to access large amounts of data," he explained, "often require businesses to implement extra precautions when storing personal data of Europeans outside the European Union."
This marks the third fine the DPA has imposed on Uber, with previous fines amounting to €600,000 (£508,000) in 2018 and €10m (£8.5m) last year.
In recent years, the European Union has implemented regulations targeting major tech companies and has not hesitated to levy substantial fines for violations.
In the past year, Irish regulators have fined TikTok €345m (£296m) for breaching children's privacy, as outlined by GDPR rules.
Your email address will not be published. Required fields are marked *