The Dutch Data Protection Authority (DPA) fined Uber Technologies €290 million ($324 million) in a historic ruling for unauthorizedly sending the personal information of European drivers to the US.
The General Data Protection Regulation (GDPR) of the European Union has resulted in one of the biggest penalties to date. This fine underscores the continued difficulties that internet businesses encounter in adhering to strict data protection regulations.
The legal battle against Uber started in 2021 when more than 170 French drivers complained to the Ligue des droits de l’Homme (LDH), a human rights group. Since Uber’s main EU headquarters is in the Netherlands, these concerns were initially raised with France’s privacy agency before being passed on to the Dutch DPA.
According to the DPA’s investigation, Uber sent sensitive information on its European drivers, such as taxi permits, location data, and even medical data, to servers in the US. This transfer was deemed a breach of the GDPR, which requires that EU persons’ data be appropriately secured when moved outside the EU.
The GDPR compels organizations to employ technological and organizational safeguards to protect personal data. However, the DPA determined that Uber failed to offer the essential precautions, particularly in light of U.S. national security intelligence agency monitoring programs, which have been regarded as a threat to the privacy rights of EU individuals.
Uber claims that its cross-border data transfer procedure complied with GDPR during a time of substantial uncertainty between the EU and the U.S., calling the judgment erroneous and unreasonable. The business, confident that common reason will prevail, intends to appeal the sentence.
Aleid Wolfsen, chairman of the Dutch DPA, emphasized the significance of the GDPR in protecting the fundamental rights of people in Europe. He noted that businesses must take additional measures if they store personal data of Europeans outside the EU to ensure an equivalent level of protection:
“In Europe, the GDPR protects the fundamental rights of people, by requiring businesses and governments to handle personal data with due care,” Dutch DPA chairman Aleid Wolfsen says. “But sadly, this is not self-evident outside Europe. Think of governments that can tap data on a large scale. That is why businesses are usually obliged to take additional measures if they store the personal data of Europeans outside the European Union. Uber did not meet the requirements of the GDPR to ensure the level of protection of the data with regard to transfers to the US. That is very serious.”
The €290 million fine against Uber underscores the importance of data protection and privacy, underscoring the need for companies to prioritize personal data security and comply with international regulations as the digital landscape continues to evolve, ensuring individuals’ privacy rights.The post E-Hailing Giant Faces Penalty Over Illegal Data Transfers first appeared on IT News Africa | Business Technology, Telecoms and Startup News.