The Dutch Data Protection Authority (DPA) slammed a €290 million fine on Uber for blatant disobedience of the European Union’s General Data Protection Regulation (GDPR). The regulatory body deemed Uber’s transfer of personal details about European drivers to US servers as “a serious violation” of GDPR protocols.
According to the DPA, Uber failed to ensure that sensitive information was safe enough, such as taxi licenses, location data, payment details, identity documents, and in some cases, criminal and health records. This information had been sent to US headquarters without the right tools meant for transfer purposes over two years.
DPA Chairman Aleid Wolfsen stated, “Uber did not comply with the levels of protection required by GDPR for data flows to the US… this is an extremely serious offense.”
In response, Uber has indicated plans to contest the fine, considering the ruling “faulty” and “utterly unjustifiable.”
An Uber representative stated, “Our transborder data movement mechanism was consistent with GDPR during this time span of significant ambiguity between EU and US. We will appeal and be confident that reason will win out.”
