The Netherlands imposes record fine on Uber for data protection violations

THE HAGUE, Netherlands – The Dutch Data Protection Authority has imposed a record fine of €290 million ($324 million) on Uber for violating data protection regulations. Uber called the decision unjustified and said it would appeal.

The American ride-hailing giant was fined for transferring European drivers’ personal data to the United States without sufficient security safeguards. The authority’s website described these breaches as “serious violations” of the General Data Protection Regulation (GDPR).

“In Europe, the GDPR protects the fundamental rights of people, by requiring businesses and governments to handle personal data with due care,” Dutch DPA chairman Aleid Wolfsen said in a statement.

“But sadly, this is not self-evident outside Europe. Think of governments that can tap data on a large scale. That is why businesses are usually obliged to take additional measures if they store personal data of Europeans outside the European Union. Uber did not meet the requirements of the GDPR to ensure the level of protection of the data with regard to transfers to the U.S. That is very serious,” added the same source.

On the other hand, Uber described the decision and the substantial fine as “completely unjustified,” asserting that its cross-border data transfer practices were compliant with GDPR.