Personal Data Protection

The Dutch Data Protection Authority (DPA) has imposed a hefty fine of 290 million euro on Uber. The decision highlights the serious repercussions of non-compliance with the General Data Protection Regulation (GDPR) and sets a precedent for how data privacy violations are handled within the European Union (EU).

The fine stems from Uber’s transfer of personal data of European drivers to the United States without adequate safeguards. The Dutch DPA’s investigation revealed that Uber had been transferring sensitive information, including account details, taxi licenses, location data, photos, payment details, identity documents and even criminal and medical records, to its headquarters in the US. This practice, which continued for over two years, was found to be in violation of the GDPR.