Uber fined $324 million in Netherlands for GDPR violations over data transfer to United States

The Dutch data protection authority announced on Monday that it has fined Uber 290 million euros (324 million dollars) for transferring the personal data of European drivers to servers in the United States. The regulator described these transfers as a "serious violation" of the European Union's General Data Protection Regulation (GDPR), noting that Uber failed to adequately safeguard driver information.

Dutch Data Protection Authority (DPA) chairman Aleid Wolfsen stated, "Uber did not meet the GDPR requirements to ensure adequate protection for data transfers to the US. This is a very serious issue."

The DPA revealed that Uber gathered sensitive information from European drivers, such as taxi licenses, location data, photos, payment details, identity documents, and in some instances, even criminal and medical records.

Over a span of two years, this data was transferred to Uber's US headquarters without employing the required transfer tools.

"Because of this, the protection of personal data was not sufficient," the DPA said.

Uber announced its intention to appeal the fine, calling the decision "flawed" and the penalty "completely unjustified."

An Uber spokesperson stated, "Uber's cross-border data transfer process complied with GDPR during a three-year period of significant uncertainty between the EU and US. We will appeal this decision and are confident that common sense will prevail."

• 290 million euros
• 324 million dollars
• Aleid Wolfsen
• Dutch data protection authority
• EU and US
• European drivers
• GDPR
• General Data Protection Regulation
• Uber
• United States servers
• appeal
• compliance
• criminal records
• cross-border data transfer
• data protection
• data transfer tools
• flawed decision
• identity documents
• location data
• medical records
• payment details
• personal data transfer
• photos
• sensitive information
• taxi licenses
• unjustified penalty