Editor
The ride-hailing app Uber has been hit with a €290m (£246m; $324m) advantageous for transferring the private knowledge of European drivers to US servers in violation of EU guidelines, the Dutch knowledge safety regulator stated on Monday.
The Dutch Data Protection Authority (DPA) stated the transfers had been a “critical violation” of the EU’s General Data Protection Regulation (GDPR), as they didn’t appropriately defend driver info.
According to the watchdog, info together with ID paperwork, taxi licences and placement knowledge was transferred to the corporate’s headquarters within the US over a two-year interval.
Uber stated it could enchantment the advantageous, which it referred to as “unjustified”.
“Uber’s cross-border knowledge switch course of was compliant with GDPR throughout a 3-year interval of immense uncertainty between the EU and US,” an Uber spokesperson stated.
“This flawed choice and extraordinary advantageous are utterly unjustified,” the assertion added.
While knowledge transfers to the US are allowed below EU legislation, there may be important uncertainty round when the can happen with out the necessity for additional authorisation.
DPA chairman Aleid Wolfsen stated the corporate failed to satisfy GDPR necessities to “guarantee the extent of safety to the information with regard to transfers to the US.”
“That could be very critical,” he added, noting that Uber additionally didn’t appropriately safeguard the information.
The DPA stated Uber collected delicate info of European drivers, together with taxi licences, location knowledge, images, fee particulars, identification paperwork, “and in some circumstances even prison and medical knowledge of drivers”.
It stated it began the investigation after greater than 170 French drivers complained to a French human rights group, which then filed a criticism to France’s knowledge safety watchdog.
Under GDPR guidelines, a enterprise that processes knowledge in a number of EU nations should take care of the information safety authority the place its predominant workplace is positioned. Uber’s European headquarters are within the Netherlands.
“In Europe, the GDPR protects the basic rights of individuals, by requiring companies and governments to deal with private knowledge with due care,” Mr Wolfsen stated.
“Think of governments that may faucet knowledge on a big scale,” he stated, explaining, “companies are normally obliged to take extra measures in the event that they retailer private knowledge of Europeans outdoors the European Union.”
It is the DPA’s third advantageous in opposition to Uber following fines of €600,000 (£508,000) in 2018 and €10m (£8.5m) final yr.
The EU has rolled out a collection of guidelines for giant tech companies and imposed enormous fines for breaches in recent times.
Last yr. Irish regulators fined TikTok €345m (£296m) for violating kids’s privateness below GDPR guidelines.
