MJP –
Dutch privacy regulators levied a record fine of €290 million ($324 million) against Uber Technologies Inc. for violating European protection requirements in the transfer of driver data to the United States.
According to the Dutch Data Protection Authority, Uber was using servers in the United States to store the personal information of European drivers, including their taxi permits, location data, and, in certain instances, criminal and medical records.
A representative for the Dutch watchdog stated in an email that the fine is the largest penalty the agency has ever levied on a firm. This is the largest fine that Uber has ever faced on a global scale.
According to the watchdog, the ride-hailing service failed to use data transfer mechanisms meant to protect privacy for more than two years, meaning that the sensitive data were “insufficiently protected” when transported to its U.S. headquarters. The agency announced last year that Uber has halted the infraction.
The penalty is “totally unjustified,” according to Uber spokeswoman Caspar Nixon, who responded to inquiries sent via email. “Uber will appeal against the decision,” Nixon said, adding that the company’s data transfer method complied with European legislation.
SEE MORE –
Big Incident! Flash Mob Hits California 7-Eleven Again: What Happened?
European law mandates a certain level of data protection for transfers to the United States, and Uber failed to fulfill this standard. The head of the Dutch data protection authority, Aleid Wolfsen, issued a statement expressing her deep concern.
In response to complaints from over 170 French drivers, a human rights interest group in France initiated an investigation into Uber by the Dutch data protection regulator. Since Uber’s European headquarters are located in the Netherlands, the Dutch agency was in charge of the investigation.
This marks Uber’s third fine from the Dutch data protection regulator. A previous fine for failing to adequately disclose the duration of data retention and the countries to which it sent data from European drivers had already been levied. It received a fine in 2018 for failing to notify the Dutch regulator of a data breach in a timely manner.
European privacy regulators have the authority to punish companies up to four percent of their yearly global revenue.
