In a recent development, Dutch regulators have fined Uber approximately €290 million (over $324 million) for failing to comply with European Union data protection standards. The fine was imposed due to the company’s improper handling of sensitive driver data.
The Dutch data protection authority has highlighted that Uber transferred crucial information such as driver account details, taxi licenses and personal IDs from Europe to the United States without adequate safeguards. In some cases, this transfer included sensitive criminal and medical data.
Uber, which has its European operations based in Amsterdam, challenged the decision, saying the fine was unjustified. Uber spokesman Michael Valvo said: “We believe this decision and the associated fine are completely disproportionate and unfounded.”
The EU’s General Data Protection Regulation (GDPR), which came into force in 2018, imposes strict measures on the transfer and storage of personal data outside the EU to protect the privacy of individuals. According to Aleid Wolfsen, the head of the Dutch regulator, “Uber has not complied with the GDPR requirements for data transfers to the United States, which is a significant breach.”
Despite the ruling, Uber maintains that its practices are fully compliant with European law, saying it applies GDPR standards universally to all of its European drivers and customers.
The complaint that led to this investigation was filed by the League for Human Rights on behalf of 170 Uber drivers in France, who claimed their privacy rights had been violated.
Uber has the option to appeal the decision, a process that could take up to four years before the fine is enforced.