Ride-hailing firm Uber has been fined $324 million (€290 million) in the Netherlands by the Dutch data protection watchdog, DPA.
For a period of two years, Uber sent personal details of its EU taxi drivers to the US, which was in violation of EU rules, the DPA alleged.
The watchdog added that the firm has since stopped the practice.
An Uber spokesperson told Reuters: “This flawed decision and extraordinary fine are completely unjustified.”
The firm can appeal the decision with the DPA, according to Reuters. If this is unsuccessful, it can file a case with the Dutch courts.
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Thank you!
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form
By GlobalDataIn its statement, the Dutch Supervisory Authority said it found that Uber collected “among other things, sensitive information of drivers from Europe and retained it on servers in the US”.
It concerned account details and taxi licences, but also location data, photos, payment details, identity documents, and even in some cases criminal and medical data of the drivers, it continued.
Uber transferred the data to Uber’s headquarters in the US, without using transfer tools. Because of this, “the protection of personal data was not sufficient.”
The case was brought to light after a French human rights organisation lodged a complaint on behalf of more than 170 taxi drivers in France with the country’s data protection authority, Reuters reports.
Since Uber has its European headquarters in the Netherlands, the case was passed on to the DPA.