1. Website Planet
  2. >
  3. News
  4. >
  5. Uber Fined $324 Million in EU for Sending Drivers’ Data to US
Uber Fined $324 Million in EU for Sending Drivers’ Data to US

Uber Fined $324 Million in EU for Sending Drivers’ Data to US

Ivana Shteriova Written by:
Alexandros Melidoniotis Reviewed by: Alexandros Melidoniotis
10 September 2024
The Dutch Data Protection Authority (DPA) fined transport company Uber a record $324 million (€290 million) for transferring EU drivers’ sensitive data to the US without proper safeguards for over two years. The agency said Uber violated the EU’s General Data Protection Regulation (GDPR).

“In Europe, the GDPR protects people’s fundamental rights by requiring companies and governments to handle personal data with care. But outside Europe, this is unfortunately not the case… This is why companies are usually obliged to take extra measures if they store personal data of Europeans outside the European Union,” the Dutch DPA Chair Aleid Wolfsen said, further describing Uber’s violation as “very serious.”

According to the agency, Uber sent sensitive information to the US, including taxi licenses, IDs, location data, photos, payment details, and “in some cases even criminal and medical records.” The Dutch regulators said the company’s GDPR violation ended last year when it implemented adequate protection protocols.

The fine is the biggest issued by the Dutch DPA, and the biggest Uber has ever faced globally. The taxi-riding company told Bloomberg that the fine is “completely unjustified.” It further claimed its “cross-border data transfer process was compliant with GDPR during a 3-year period of immense uncertainty between the EU and the U.S.,” adding it would appeal the decision and is confident that “common sense will prevail.”

Uber has the right to appeal the decision with the DPA, a process that can take around four years. If the DPA denies the appeal, the company can file a case with the Dutch courts. Uber won’t have to pay the fine until all legal processes end.

In January, the Dutch privacy regulators fined Uber $11 million (€10 million) for improperly retaining drivers’ data. DPA said Uber failed to disclose how long it retains driver personal data in its terms and conditions. The agency also found Uber’s process for allowing drivers to make personal data access requests “unnecessarily complicated.”

Both fines result from an investigation initiated after a French human rights organization filed a complaint on behalf of 170 French drivers to their country’s data protection body. However, the Dutch DPA took over the case because Uber’s EU headquarters is in the Netherlands. Companies violating the EU’s GDPR laws can face fines as high as 4% of their global annual revenue.

Uber is not the only US company that has gotten into trouble with the EU’s data privacy regulators. Earlier this year, Meta was fined a record-high $1.3 billion by Ireland’s Data Protection Commission (DPC) for transferring EU user data to the US.

Rate this Article
4.7 Voted by 3 users
You already voted! Undo
This field is required Maximal length of comment is equal 80000 chars Minimal length of comment is equal 10 chars
Any comments?
Reply
View %s replies
View %s reply
More news
Show more
We check all user comments within 48 hours to make sure they are from real people like you. We're glad you found this article useful - we would appreciate it if you let more people know about it.
Popup final window
Share this blog post with friends and co-workers right now:
1 1 1

We check all comments within 48 hours to make sure they're from real users like you. In the meantime, you can share your comment with others to let more people know what you think.

Once a month you will receive interesting, insightful tips, tricks, and advice to improve your website performance and reach your digital marketing goals!

So happy you liked it!

Share it with your friends!

1 < 1 1

Or review us on 1

3419262
50
5000
97148175