On Monday, the Dutch Data Protection Authority (DPA) announced that it had fined Uber 290 million euros ($324 million) for improperly sending European taxi drivers’ data to the United States, violating E.U. regulations.
Details of the Fine:
The DPA’s fine results from Uber’s failure to adequately safeguard the personal data of European taxi drivers, which was transferred to the U.S. in breach of the General Data Protection Regulation (GDPR). The DPA stated that Uber has ceased the practice.
Uber has responded strongly against the fine, with spokesperson Caspar Nixon arguing that the company’s data transfer practices complied with GDPR during uncertainty between the E.U. and the U.S.
“This flawed decision and extraordinary fine are completely unjustified,” Nixon told Reuters, adding that Uber plans to appeal the decision and is confident that “common sense will prevail.”
Legal Process and Appeals:
Uber has the right to appeal the DPA’s decision, and if the appeal is unsuccessful, it can take the case to Dutch courts.
According to the DPA, the appeals process is expected to take around four years, and any fines are suspended until all legal avenues have been exhausted.
Background of the Investigation:
The investigation was initiated following a complaint by a French human rights organization representing over 170 taxi drivers in France. Since Uber’s European headquarters is in the Netherlands, the complaint was forwarded to the DPA. The French National Data Protection Regulator (CNIL) cooperated with the DPA.
In a related action earlier this year, the DPA fined Uber 10 million euros ($11 million) in January for other privacy violations related to its drivers’ data.