LIVE UPDATES
The Dutch Data Protection Authority announced on Monday that it had fined the ride-hailing app, Uber, 290 million euros, approximately $324 million for transferring the personal data of European drivers to U.S. servers without consultation.
The regulator said the transfers were a “serious violation” of the European Union’s General Data Protection Regulation as they failed to appropriately protect drivers' information.
The Chairman, DDPA, Aleid Wolfsen, said, “Uber did not meet the requirements of the GDPR to ensure the level of protection to the data concerning transfers to the US. That is very serious."
The DDPA said Uber collected sensitive information of European drivers, including taxi licences, location data, photos, payment details, identity documents, “and in some cases even criminal and medical data of drivers.”
Over two years, the Authority said the information was transferred to Uber’s US headquarters without using transfer tools.
“Because of this, the protection of personal data was not sufficient,” the DDPA said.
An Uber spokesperson in a statement on Monday, said, “This flawed decision and extraordinary fine are completely unjustified.
“Uber’s cross-border data transfer process was compliant with GDPR during three years of immense uncertainty between the EU and the US. We will appeal and remain confident that common sense will prevail.”
