Uber Fined 290 Million Euros for Improper Data Transfer from EU to US, Plans to Appeal
TapTechNews August 27th news, Uber was fined 290 million euros (TapTechNews note: currently about 2.308 billion yuan) for improperly transferring driver data from the EU to the US. This is one of the largest fines imposed by the EU on a company that violates the General Data Protection Regulation (GDPR) since its entry into force.
This fine was issued by the Dutch Data Protection Authority (DPA), which accused Uber of failing to properly protect the personal data of European drivers when transferring it to the US. The DPA added that Uber has stopped this practice.
In a statement, the regulatory agency said: Uber did not meet the requirements of the GDPR to ensure proper protection of the data transferred to the US, which is very serious.
The DPA started investigating the data transfer after 170 French Uber drivers complained to a human rights organization, which forwarded the complaint to the French DPA. Uber's European headquarters is located in the Netherlands, allowing the Dutch DPA to lead the investigation.
Uber was found to have violated the GDPR by retaining sensitive data of drivers on servers located in the US. The DPA said that these data include account details and taxi licenses, as well as location data, photos, payment details, identity documents, and even in some cases, criminal and medical data of drivers. Uber transferred these data without using a transfer tool, and the protection of data without a transfer tool is insufficient.
The General Data Protection Regulation is a regulation passed by the EU in 2016, setting new rules for companies to manage and share personal data. Since then, EU regulatory agencies have been using this regulation to issue warnings to large technology companies: data privacy is sacrosanct and failure to comply with the rules will be subject to record fines.
In 2023, Meta was fined 1.2 billion euros (currently about 9.542 billion yuan) for similar violations, which is the largest fine so far. The Facebook parent company was accused of transferring the data of EU citizens to the US without sufficient protection. Other companies facing large fines include TikTok, WhatsApp (owned by Meta), and ClearviewAI.
Uber said it plans to appeal the ruling, a company spokesperson Casper Nickerson said in an email: This flawed decision and huge fine are completely unjustified. During the three-year period of great uncertainty between the EU and the US, Uber's cross-border data transfer process complies with the GDPR. We will appeal and believe that common sense will prevail.