News€290 million fine for data breach: Uber to appeal Dutch ruling

€290 million fine for data breach: Uber to appeal Dutch ruling

€290 million fine was imposed on a taxi company by the Dutch authority for transferring the private data of European drivers to the USA. Uber's actions were found to violate EU privacy regulations (GDPR). The company criticised this decision and announced an appeal.

Uber violated GDPR? Gigantic fine for the taxi company
Uber violated GDPR? Gigantic fine for the taxi company
Images source: © Getty Images | CFOTO
Justyna Lasota-Krawczyk

27 August 2024 07:42

According to the Dutch Data Protection Authority (DPA) Uber transferred drivers' data from Europe to the United States for over two years and did not secure it properly.

The DPA emphasised that "this constitutes a serious violation of the General Data Protection Regulation," referring to the privacy regulations effective in the EU, known by the acronym GDPR.

Uber denies and announces appeal

Uber denies violating EU regulations. "This flawed decision and extraordinary fine are completely unjustified. Uber’s cross-border data transfer process was compliant with GDPR during a 3-year period of immense uncertainty between the EU and the U.S," the company wrote in a statement. According to Reuters, "the company would appeal and was confident that 'common sense will prevail.'"

According to the AP, the regulation violation was alleged to have occurred following the ruling by the EU Court of Justice in 2020, which invalidated the so-called Privacy Shield—a mechanism used by companies operating in the EU for sending data to the USA—due to concerns it allowed US authorities to access those data.

Uber can appeal the fine decision to the DPA, and if unsuccessful, it can challenge it in a Dutch court. The entire appeal process may take about four years, and until all appeals are exhausted, the fine is suspended - reported Reuters.

Drivers sue carrier

The proceedings against Uber were initiated in response to a complaint filed in France by a local human rights organisation on behalf of over 170 drivers. The matter was referred to the DPA because Uber’s European headquarters are registered in the Netherlands. The French Data Protection Authority (CNIL) cooperated with the DPA in the proceedings.

This is not the first fine the DPA has imposed on Uber. In January, the Dutch authority fined the company €10 million for failing to disclose how long it stored drivers' data in Europe or to which countries outside the EU it sent them - reminded AP.

Related content
© Daily Wrap
·

Downloading, reproduction, storage, or any other use of content available on this website—regardless of its nature and form of expression (in particular, but not limited to verbal, verbal-musical, musical, audiovisual, audio, textual, graphic, and the data and information contained therein, databases and the data contained therein) and its form (e.g., literary, journalistic, scientific, cartographic, computer programs, visual arts, photographic)—requires prior and explicit consent from Wirtualna Polska Media Spółka Akcyjna, headquartered in Warsaw, the owner of this website, regardless of the method of exploration and the technique used (manual or automated, including the use of machine learning or artificial intelligence programs). The above restriction does not apply solely to facilitate their search by internet search engines and uses within contractual relations or permitted use as specified by applicable law.Detailed information regarding this notice can be found  here.