The ride-hailing giant Uber has been fined €290 million ($324 million) by the Dutch Data Protection Authority (DPA) for illegally transferring the personal data of European taxi drivers to the United States.
This breach is in direct violation of the European Union’s General Data Protection Regulation (GDPR), the DPA announced on Monday.
In response, Uber’s spokesperson, Caspar Nixon, strongly criticized the fine, stating, “This flawed decision and extraordinary fine are completely unjustified.” He added that Uber’s data transfer processes were fully compliant with GDPR during what he described as a “three-year period of immense uncertainty between the EU and U.S.” Nixon also mentioned that Uber would appeal the decision, expressing confidence that “common sense will prevail.”
The investigation leading to this fine was initiated following a complaint by a French human rights organization representing over 170 taxi drivers. Although the complaint was initially filed with France’s data protection authority, it was transferred to the Dutch DPA, as Uber’s European headquarters are located in the Netherlands.
“This constitutes a serious violation of the General Data Protection Regulation (GDPR),” the DPA stated, emphasizing that Uber had failed to appropriately safeguard the data during the transfer.
Uber has halted the practice, but the company now faces a lengthy appeals process, which could last up to four years. Until all legal avenues are exhausted, any fines will be suspended.
