- Uber faced significant penalties due to the disclosure of driver-related information.
The Dutch data privacy regulator has levied a fine of 290 million euros on Uber, claiming that the American ride-hailing giant neglected to secure data from European drivers properly while transferring it to its headquarters. According to the Dutch data privacy agency in The Hague, the servers in the U.S. housed personal data such as identity documents, payment details, and sometimes even criminal and medical information about the drivers. Uber supposedly put an end to this breach, which had been ongoing for approximately two years. The company has indicated its intention to contest the fine.
"This unfounded penalty and exorbitant amount are wholly unwarranted," stated an Uber representative. The cross-border data transfer conducted by Uber was in line with data protection regulations during a period of considerable ambiguity between the EU and the USA. "We will challenge this decision and are hopeful that reason will prevail."
The data privacy agency initiated an investigation against Uber after receiving a complaint from more than 170 drivers in France. Initially, this matter was handled by the French data privacy agency. Nevertheless, since Uber's European headquarters are situated in the Netherlands, the Dutch data privacy agency assumed control of the case.
The data transfer by Uber between August 2021 and November 2023 was subject to criticism. This time frame coincided with the suspension of the data protection agreement between the EU and the U.S. due to decisions rendered by European courts.
The Dutch data privacy agency, based in The Hague, took over the investigation against Uber due to its European headquarters being located in the Netherlands.
If Uber's challenge against the fine is unsuccessful, it could face significant consequences in The Hague, the city known for its international courts and tribunals.
