Uber fined £246m for GDPR data breach
By ForGeeks Uber faces a hefty €290m (£246m; $324m) fine for transferring European drivers’ personal data to servers in the US in violation of European Union rules. The Dutch Data Protection Authority (DPA) said this on Monday.
Uber is facing a large fine of €90 million (£246 million; $324 million).
The DPA said the data transfer was «a serious breach» of the General Data Protection Regulation (GDPR) because the company failed to adequately protect drivers’ information. During the two-year period, data including identity documents, cab licenses and location data was transferred to Uber’s U.S. headquarters.
The data was transferred to Uber’s U.S. headquarters.
Uber intends to appeal the fine, calling it «unfair». A spokesman for the company said that «Uber’s cross-border data transfer process complied with GDPR requirements during the three-year period of uncertainty between the EU and the US». He added that the decision was flawed and the fine «totally unjustified».
He added.
Although data transfers in the US are permitted under EU law, there is considerable disagreement over when this can take place without the need for further authorization. DPA chairman Aleid Wolfsen said the company has not been able to provide the level of data protection required for transfers to the US.
The DPA also said Uber collected sensitive information from European drivers, including cab licenses, location data, photos, payment information, identity documents, and in some cases even criminal and medical data.
The DPA also said Uber collected sensitive information from European drivers, including cab licenses, location data, photos, payment data, identity documents, and in some cases even criminal and medical data.
The investigation began after more than 170 French drivers filed a complaint with a French human rights group, which then referred it to the French data protection authority.
The investigation began after more than 170 French drivers filed a complaint with a French human rights group, which then referred it to the French data protection authority.
According to GDPR rules, a company that processes data in multiple EU countries must interact with the data protection authority of the country where its main office is located. Uber’s European headquarters are located in the Netherlands.
The company’s European headquarters are located in the Netherlands.
«In Europe, GDPR protects people’s fundamental rights by requiring businesses and governments to handle personal data responsibly»” Wolfsen said. He also noted that businesses storing Europeans’ data outside the EU are usually required to take additional measures to protect it.
Businesses that store Europeans’ data outside the EU are usually required to take additional measures to protect it.
.
This fine is the third for Uber from the DPA, having previously been fined €600,000 (£508,000) in 2018 and €10m (£8.5m) last year. The EU has been proactive in introducing new rules for large tech companies and has imposed significant fines for breaches in recent years. Last year, for example, Irish regulators fined TikTok €345m (£296m) for breaching children’s data privacy under GDPR rules.
Irish regulators fined TikTok €345m (£296m) for breaching children’s data privacy under GDPR rules.
