ARTICLE
18 October 2024

Netherlands Data Protection Authority Fines Uber For GDPR Violations

PL
Pioneer Legal

Contributor

Pioneer Legal is a new age law firm with a dynamic approach to revolutionize the legal landscape in India. We excel in providing commercially viable legal solutions in tandem with high happiness quotient for our attorneys and clients.
The Data Protection Authority ("DPA") of the Netherlands has imposed asignificant fine of 290 million Euros on the ride-hailing platform Uber for allegedlyviolating the European Union's...
European Union Privacy
  • The Data Protection Authority ("DPA") of the Netherlands has imposed a significant fine of 290 million Euros on the ride-hailing platform Uber for allegedly violating the European Union's General Data Protection Regulation ("GDPR"). The DPA stated that Uber transferred personal data of European drivers to the United States without ensuring adequate protection. This transfer occurred over a span of more than two years and involved sensitive driver information. The GDPR mandates that businesses must implement technical and organizational measures to protect personal data, especially when transferring it outside the European Union. Further, Uber had failed to use standard contractual clauses from August 2021 which were necessary to ensure an equivalent level of data protection when transferring data outside the European Union. The DPA stated that Uber was in serious breach of the GDPR provisions, failing to protect the information related to the drivers, including information such as ID documents, location data, taxi licences, payment details and in some cases criminal and medical data of the drivers as well.
  • In response to the aforesaid, Uber has stated that the decision is flawed and unjustified. Uber plans to appeal the fine and stated that their cross-border data transfer process was compliant with GDPR.
  • The fine imposed on Uber serves as a reminder of the stringent data protection standards enforced under the GDPR. Companies operating within the European Union or handling European Union citizens' data must remain vigilant and proactive in their data protection practices to avoid similar penalties.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More