Uber fined $324M over EU drivers’ data transfer breach
Uber fined $324M by Dutch privacy watchdog for violating GDPR with EU drivers' data transfers to the US, impacting data protection rights.
Uber has been fined €290 million by the Netherlands’ privacy watchdog for violating the European Union’s General Data Protection Regulation (GDPR) due to the transfer of EU drivers' data to the US. This is one of the largest penalties on a tech company since the GDPR was implemented in 2018.
The fine arises from complaints made by over 170 Uber drivers in France in 2021, processed through Ligue des droits de l’Homme and France’s privacy watchdog, and then investigated by the Dutch regulator. Uber was also fined €10 million in January for related data access issues, but the latest fine is significantly larger.
The Dutch DPA criticized Uber for not taking proper safeguards to protect transferred data, particularly sensitive information like driver details and personal documentation. Uber plans to appeal, stating the fine is unjustified and claiming the processes were compliant with GDPR, despite the legal uncertainty during the investigated period.