Governance, Risk and Compliance, Data Security

Uber hit with $324M fine over alleged insecure drivers’ data transfers

Share
Uber sign in a car window

Uber has been ordered by the Dutch Data Protection Authority to pay a $324 million penalty over its alleged insecure transfer of European drivers' personal information to the U.S. for over two years, which was noted to be a significant violation of the European Union's General Data Protection Regulation, according to The Associated Press.

"In Europe, the GDPR protects the fundamental rights of people, by requiring businesses and governments to handle personal data with due care. But sadly, this is not self-evident outside Europe... Uber did not meet the requirements of the GDPR to ensure the level of protection to the data with regard to transfers to the U.S. That is very serious," said Dutch DPA Chair Aleid Wolfsen. Such a decision will be appealed by Uber, which insisted no wrongdoing in the data transfer. "This flawed decision and extraordinary fine are completely unjustified. Uber’s cross-border data transfer process was compliant with GDPR during a 3-year period of immense uncertainty between the EU and U.S." said the ride-hailing firm.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.