The Dutch Data Protection Authority has fined Uber Technologies $324 million (€290 million) for infringing European data privacy policy. When transferring personal information of European drivers to the United States, the company violated regulations on how to protect data. This is the largest fine ever imposed by that watchdog arm.
Uber’s fine was levied for failing to comply with the European Union’s (EU) General Data Protection Regulation (GDPR). The data protection authority in the Netherlands also discovered that sensitive data was not adequately protected when European drivers transferred it to their U.S. headquarters after the EU-U.S. Privacy Shield was invalidated in 2020. By relying on this arrangement, drivers’ information was left exposed and unprotected throughout nearly three years of operations.
Chairman Aleid Wolfsen of the Dutch regulator noted sternly: There is an enormous violation here, because according to the GDPR there should be special protection for personal data and required safe guards against disclosure to outside Europe. Later in 2023 Uber began using a revised set, which it called the EU-USA Data Privacy Framework.
