
Дата публикации
Uber has been fined €290 million in the Netherlands for violating the European Data Protection Regulation (GDPR). The fine was imposed by the Dutch regulator for transferring personal data of European drivers to servers in the US without adequate protection.
According to a report by the Dutch Data Protection Authority (DPA), Uber transferred data including the taxi license, location, health and financial details of drivers for two years. This practice violated GDPR requirements because the data was not sufficiently protected. Although Uber stopped the data transfer, the regulator considered the violation serious.
The DPA noted that such data transfers between Europe and the US require additional protections, as in some countries government agencies may have broad access to data. Since 2020, when the EU Court of Justice invalidated the Privacy Shield agreement, companies have had to use other data protection tools, such as standard contractual clauses. However, Uber stopped using them in August 2021.
The complaint was filed after more than 170 French Uber drivers contacted a human rights organization, triggering an investigation by the Dutch Data Protection Authority. Uber disagrees with the regulator’s decision and plans to appeal the fine, calling it unfounded.
The company argues that the rules for data transfers between the EU and the US were not clearly defined at the time. Uber and other companies faced legal uncertainty for almost three years before the European Commission ruled in 2023 that the US had sufficient data protection.
During this time, companies had to rely on temporary solutions, with no clear guidelines on how to handle cross-border data transfers. Uber claims that all of its actions complied with the regulator’s requirements at the time. However, Uber was still fined, which the company considers unfair.
This is the third fine Uber has received in the Netherlands in the last five years. In 2018, the company was fined €600,000 for a data breach, and in 2023, €10 million for failing to provide drivers with data on time when they requested it.
Uber has also previously been accused of providing incomplete information in its privacy policy documents, which created additional risks for users.
Despite ongoing pressure from regulators, the company remains confident in its position and is preparing for lengthy legal proceedings.
(text translation is done automatically)
According to a report by the Dutch Data Protection Authority (DPA), Uber transferred data including the taxi license, location, health and financial details of drivers for two years. This practice violated GDPR requirements because the data was not sufficiently protected. Although Uber stopped the data transfer, the regulator considered the violation serious.
The DPA noted that such data transfers between Europe and the US require additional protections, as in some countries government agencies may have broad access to data. Since 2020, when the EU Court of Justice invalidated the Privacy Shield agreement, companies have had to use other data protection tools, such as standard contractual clauses. However, Uber stopped using them in August 2021.
The complaint was filed after more than 170 French Uber drivers contacted a human rights organization, triggering an investigation by the Dutch Data Protection Authority. Uber disagrees with the regulator’s decision and plans to appeal the fine, calling it unfounded.
The company argues that the rules for data transfers between the EU and the US were not clearly defined at the time. Uber and other companies faced legal uncertainty for almost three years before the European Commission ruled in 2023 that the US had sufficient data protection.
During this time, companies had to rely on temporary solutions, with no clear guidelines on how to handle cross-border data transfers. Uber claims that all of its actions complied with the regulator’s requirements at the time. However, Uber was still fined, which the company considers unfair.
This is the third fine Uber has received in the Netherlands in the last five years. In 2018, the company was fined €600,000 for a data breach, and in 2023, €10 million for failing to provide drivers with data on time when they requested it.
Uber has also previously been accused of providing incomplete information in its privacy policy documents, which created additional risks for users.
Despite ongoing pressure from regulators, the company remains confident in its position and is preparing for lengthy legal proceedings.