Uber Fined €290 Million for GDPR Violations Over Data Transfers to the U.S.
What Happened:
The Dutch Data Protection Authority (DPA) has fined Uber €290 million ($324 million) for violating GDPR regulations. The fine was issued because Uber improperly transferred sensitive data from European drivers to the U.S. without adequate safeguards.
The data involved included location information, photos, payment details, and identity documents, with some cases even including criminal and medical data. Uber did not use the required transfer tools to protect this information, according to the DPA.
The fine follows complaints from over 170 French drivers, supported by the French human rights group Ligue des droits de l’Homme (LDH). Uber has since stopped gathering and transferring the data in question, but disputes the fine and plans to appeal.
Why it matters:
Data transfers are highly regulated, and companies must put the effort into complying with their obligation.
Are you interested in diving deeper into the details of such cases? Let me know by replying to email with “deep dive”.
Related Resources:
What Happened: The Dutch Data Protection Authority (DPA) has fined Uber €290 million ($324 million) for violating GDPR regulations. The fine was issued because Uber improperly transferred sensitive data from European drivers to the U.S. without adequate safeguards. The data involved included location information, photos, payment details, and identity documents, with some cases even including […]