Uber Hit with €290m Fine for Data Breach
The popular ride-hailing app Uber has been slapped with a hefty €290m fine for violating EU rules by transferring the personal data of European drivers to US servers without proper protection, according to the Dutch data protection regulator.
The Dutch Data Protection Authority (DPA) deemed the transfers a “serious violation” of the EU’s General Data Protection Regulation (GDPR) as sensitive information, including ID documents, taxi licences, and location data, was sent to Uber’s US headquarters over a two-year period.
Uber has vowed to appeal the fine, calling it “unjustified” and claiming their data transfer process was compliant with GDPR regulations during a time of uncertainty between the EU and US.
However, DPA chairman Aleid Wolfsen criticized Uber for failing to meet GDPR requirements to safeguard the data properly, especially when transferring it to the US. The DPA also highlighted that Uber collected sensitive information, including criminal and medical data, from European drivers.
This is not the first time Uber has faced fines from the DPA, with previous penalties of €600,000 in 2018 and €10m last year. The EU has been cracking down on big tech firms for data breaches, with Irish regulators fining TikTok €345m last year for violating children’s privacy under GDPR rules.
The case serves as a reminder of the importance of protecting personal data and complying with GDPR regulations, especially when handling information across borders.
