Sattes penalty imposed
Uber receives millions for transmission of driver data
This audio version was artificially generated. More information | Send feedback
The data protection authority in the Netherlands imposes a fine against Uber. The trigger is complaints from more than 170 French drivers. The trip broker is said to have violated European data protection regulations. But the US group is unreasonable.
The Dutch data protection authority has imposed a fine of EUR 290 million against violations of data protection. The US company is charged to have sent personal data from its European drivers into the United States without adequate protective measures. Uber announced that it can appeal.
The Dutch data protection authority said that data transfers had been operated over more than two years. They represented a serious break in the General Data Protection Regulation of the European Union, which prescribes technical and organizational measures to protect the data.
The procedure was initiated by complaints by more than 170 Uber drivers in France. The data protection authority of the Netherlands came into play because Uber has its European headquarters in Amsterdam.
According to a judgment of the European Court of Justice (ECJ), the data protection violations that were charged to the burden were concluded, according to which the so-called privacy-shield agreement between the USA and the EU are invalid. At the time, the judges cited the reason that the US government could spy on personal data. Based on the agreement, thousands of companies – from tech giants to small financial service providers – had been able to transmit data to the USA.
Uber wants to appeal
Following the ECJ judgment at the time, standard clauses in contracts would have been sufficient as the basis for data transmission outside the EU, but only if an equivalent level of protection could be guaranteed in practice, the data protection authority of the Netherlands said. However, because Uber did not apply to such clauses from August 2021, the drivers' data from the EU were insufficiently protected. Since the US trip broker has been using the successor schedule of the Privacy Shield – the Data Privacy Framework – since the end of 2023, the violation of the rule stopped from this point in time.
Uber described the infringement of fines as incorrect and “completely unjustified”, against which it would be appealed. During a three-year phase “immense uncertainty between the EU and the USA”, the general regulation of data protection was held during a three-year phase. Ultimately, the company is confident that common sense would be victory in the planned appeal procedure, Uber continued.
It was not the first time that the Dutch authority imposed a fine to the US company. In January, the data protection officers had imposed a penalty of ten million euros because Uber had not disclosed how long it saved data from drivers in Europe or did not reveal the names of non-European countries with which the data had shared.
