Uber, the massive ride-hailing company, was fined €290 million by Dutch authorities for breaching EU data protection regulations by unauthorizedly sending the personal information of European drivers to the US.
Uber was found to have been violating the General Data Protection Regulation (GDPR) by sending this data without taking the required precautions, according to the Dutch Data Protection Authority (DPA), which levied the fine.
Uber’s data transmission practices were examined when French taxi drivers filed a complaint. Together with the Dutch DPA, the French data protection authority CNIL worked closely on the inquiry, which eventually turned up serious shortcomings in Uber’s management of private data.
Uber was found to have violated GDPR regulations by failing to appropriately protect the data in addition to transferring it, as reported by the DPA, BrandSpur national news stories report.
Uber has stated that it strongly disagrees with the ruling, even though the cross-border data transfers in question have subsequently stopped. Speaking for the company, Caspar Nixon, a spokesman for Uber, called the fine “extraordinary and unjustified,” adding that during what he called a “period of immense uncertainty” over data protection agreements, Uber’s activities were compliant with GDPR.
Uber plans to appeal the decision, believing that it would successfully reverse the penalties.
Data protection regulations are currently causing friction between the EU and the US, especially when it comes to cross-border transfers of personal data. One of the strictest data privacy laws in the world, the EU’s GDPR, mandates that businesses make sure that data transmitted outside the EU is sufficiently protected. The DPA found that Uber had not complied with this requirement.
