Uber hit with $324 million EU fine for improper data transfer

Uber is facing a good of 290 cardinal euros ($347 million) aft improperly transferring operator information from the EU to the US, successful 1 of the largest penalties levied nether the European Union’s General Data Protection Regulation (GDPR) since its inception.

The good was imposed by the Dutch Data Protection Authority (DPA), which accused Uber of failing to “properly safeguard” European drivers’ idiosyncratic information portion transferring it to the United States. Uber has since ceased the practice, DPA added.

“Uber did not conscionable the requirements of the GDPR to guarantee the level of extortion to the information with respect to transfers to the US,” the regulator said successful a statement. “That is precise serious.”

The DPA started investigating the information transportation aft 170 French Uber drivers complained to a quality rights organization, which passed it on to the French DPA. Uber’s European office is successful the Netherlands, which allowed that country’s DPA to pb the investigation.

Uber was recovered to person retained “sensitive data” from drivers connected US-based servers successful usurpation of the GDPR. The information included relationship details and taxi licenses, arsenic good arsenic determination data, photos, outgo details, individuality documents, and successful immoderate cases adjacent transgression and aesculapian information of drivers, the DPA said. Uber moved the information without the usage of transportation tools, without which the extortion of the information was insufficient, the radical added.

The General Data Protection Regulation is a regularisation passed by the European Union successful 2016, mounting caller rules for however companies negociate and stock idiosyncratic data. Since then, EU regulators person utilized the regularisation to nonstop a connection to elephantine tech companies: information privateness is sacrosanct, and nonaccomplishment to abide by the rules volition effect successful record-breaking fines.

The largest good of $1.3 cardinal fine (€1.2 billion) was handed to Meta successful 2023 for a akin violation. The Facebook genitor institution was accused of transferring information connected EU citizens to the US without capable protections. Other companies facing ample fines see TikTok, WhatsApp (which is owned by Meta), and Clearview AI.

A spokesperson for Uber did not instantly respond to a petition for comment, but successful a statement to Reuters, the institution said it planned to entreaty the decision.