Uber Technologies Inc. has been hit with a hefty fine of €290 million (approximately $320 million) by Dutch authorities for transferring the personal data of European drivers to the United States.
Violating GDPR
The decision, announced by the Dutch Data Protection Authority (DPA) on August 26, highlights the company's failure to comply with the General Data Protection Regulation (GDPR), a stringent set of privacy laws in the European Union, according to Ziare.
According to the DPA, Uber's actions constituted a serious violation of GDPR, which was designed to protect the personal information of individuals within the EU.
The investigation was initiated following complaints from French drivers about the unauthorized sharing of their data. In a related incident earlier this year, Uber was also fined €10 million for breaching data retention rules, further underscoring the company's ongoing challenges with data compliance.
Fine is Unjustified
Uber has announced plans to appeal this latest fine, arguing that the ruling is unfounded. A spokesperson for the company, Caspar Nixon, stated:
“This erroneous decision and extraordinary fine are completely unjustified. Uber’s cross-border data transfer practices complied with the three-year period stipulated in GDPR.” He expressed confidence that common sense would prevail in the appeal process.
The Dutch DPA worked closely with France’s data protection authority (CNIL) in this investigation, which has raised concerns about Uber's data handling practices.
Since entering the Romanian market in February 2015, Uber has become a significant player in Central and Eastern Europe, ranking as the second-largest market in the region after Poland and the fifth-largest in the EU.