Ride-hailing giant Uber has been slapped with a hefty €290m fine for transferring the personal data of European drivers to US servers without proper protection, violating EU data protection rules. The Dutch Data Protection Authority (DPA) deemed the transfers a “serious violation” of the General Data Protection Regulation (GDPR). The data transferred included sensitive information such as ID documents, taxi licenses, location data, and even criminal and medical records of drivers.
Uber plans to appeal the fine, calling it “unjustified” and claiming their cross-border data transfer process was compliant with GDPR during a period of uncertainty between the EU and US. However, the DPA chairman emphasized that Uber failed to meet GDPR requirements to ensure adequate protection for data transfers to the US.
This fine marks the third penalty imposed on Uber by the DPA, following previous fines of €600,000 in 2018 and €10m last year. The EU has been cracking down on big tech firms, imposing significant fines for breaches of data protection rules.