Netherlands Imposes Fine on Uber for Transferring Driver Data to U.S.
Uber has been penalized in the Netherlands for transferring drivers' data to the United States. The fine highlights concerns over data privacy and the implications of cross-border data transfers.
TroibNews 
Uber has been fined 290 million euros ($324 million) by the Dutch Data Protection Authority (DPA) for unlawfully transferring the personal data of European taxi drivers to the United States, which breaches European Union (EU) regulations. The DPA announced on Monday that Uber has discontinued this practice.
"This flawed decision and extraordinary fine are completely unjustified," stated Uber spokesperson Caspar Nixon in an email to Reuters. He noted that "Uber's cross-border data transfer process was compliant with General Data Protection Regulation (GDPR) during a three-year period of immense uncertainty between the EU and U.S.," adding that the company plans to appeal the decision and is confident that "common sense will prevail."
The DPA reported that Uber's actions involved transferring personal data to the U.S. without sufficient safeguards, which it deemed "a serious violation of the GDPR."
Uber is able to contest the ruling with the DPA and, if that appeal fails, can escalate the matter to Dutch courts. The appeals process is anticipated to take about four years, during which any fines will be suspended until all legal avenues have been exhausted, according to the DPA.
The investigation began following a complaint from a French human rights organization on behalf of over 170 taxi drivers in France, which was initially directed to the French data protection authority. Since Uber's European headquarters is in the Netherlands, the case was referred to the DPA. The French national data protection regulator, CNIL, confirmed that it had worked in conjunction with the DPA.
Additionally, the DPA had previously fined Uber 10 million euros in January for violations of privacy regulations concerning the personal data of its drivers.
James del Carmen contributed to this report for TROIB News
"This flawed decision and extraordinary fine are completely unjustified," stated Uber spokesperson Caspar Nixon in an email to Reuters. He noted that "Uber's cross-border data transfer process was compliant with General Data Protection Regulation (GDPR) during a three-year period of immense uncertainty between the EU and U.S.," adding that the company plans to appeal the decision and is confident that "common sense will prevail."
The DPA reported that Uber's actions involved transferring personal data to the U.S. without sufficient safeguards, which it deemed "a serious violation of the GDPR."
Uber is able to contest the ruling with the DPA and, if that appeal fails, can escalate the matter to Dutch courts. The appeals process is anticipated to take about four years, during which any fines will be suspended until all legal avenues have been exhausted, according to the DPA.
The investigation began following a complaint from a French human rights organization on behalf of over 170 taxi drivers in France, which was initially directed to the French data protection authority. Since Uber's European headquarters is in the Netherlands, the case was referred to the DPA. The French national data protection regulator, CNIL, confirmed that it had worked in conjunction with the DPA.
Additionally, the DPA had previously fined Uber 10 million euros in January for violations of privacy regulations concerning the personal data of its drivers.
James del Carmen contributed to this report for TROIB News
