Dutch watchdog fines Uber €290M for data breach

The Dutch data protection watchdog has fined ride-hailing app Uber €290 million for violating the EU’s GDPR by transferring European drivers’ personal data to US servers without adequate protection. The regulator stated that Uber failed to meet the GDPR requirements for data protection in transfers to the US, calling it a serious breach.

Sensitive information, including taxi licenses, location data, and even criminal and medical records of drivers, was transferred to Uber’s US headquarters over two years without proper safeguards, according to the DPA. Uber plans to appeal the fine, arguing that its data transfer process complied with GDPR during a period of uncertainty between the EU and US.

French drivers raised concerns

The investigation was initiated after 170 French drivers lodged complaints, leading to the DPA imposing its third fine on Uber. The EU has implemented strict rules for tech companies to ensure data protection, emphasizing the importance of handling personal data with care.

Businesses operating in multiple EU countries must adhere to GDPR regulations, especially when storing personal data of Europeans outside the EU. The DPA’s fine highlights the need for companies to prioritize data security to protect individuals’ fundamental rights.