Uber fined $310M for mishandling European drivers' data, including taxi licenses and medical records. The fine follows last year's $10M penalty and was sparked by a complaint from 170 French drivers. Uber plans to appeal the decision.
Uber was fined €290M ($310M) by Dutch and French regulators for violating GDPR. The fine was imposed for failing to protect drivers' sensitive data when transferring it to the U.S. The data included personal details like identity documents and medical records. The fine was triggered by a complaint from the French Human Rights League, representing 170 drivers. Last year, Uber was already fined €10M for similar violations.
Dutch regulators, who handled the investigation, stated that Uber’s data transfer process did not meet GDPR standards. Aleid Wolfsen, Dutch regulator chairman, emphasized that GDPR is crucial for safeguarding citizens' rights in Europe, which is not always respected outside the continent. The violation involved transferring drivers' sensitive data without adequate protection.
Uber has strongly contested the fine. Caspar Nixon, an Uber spokesperson, called the decision "flawed" and "unjustified." He argued that Uber’s data transfer process complied with GDPR during a difficult period when the legal framework between the EU and U.S. was uncertain. Uber plans to appeal the fine, asserting that the imposed penalty does not reflect the reality of the situation.
Alexandre Roure, policy head for tech association CCIA, supported Uber’s stance, stating that it was impossible to halt data transfers between the EU and U.S. during the legal uncertainty. The fine brings attention to the challenges global companies face in navigating international data protection laws. The new Data Privacy Framework, established last year, resolved this limbo but did not save Uber from retrospective penalties.
Is the fine on Uber fair or too harsh?
Each week we select most important sector news and statistic
so that you can be up to speed