MADRID (EUROPA PRESS).- The Dutch Data Protection Authority (DPA) has fined the Uber platform 290 million euros for transferring personal data of European drivers to the United States and failing to adequately protect the data in relation to these transfers.
According to the DPA, this constitutes a “serious violation” of the General Data Protection Regulation (GDPR). This is the third fine that the Dutch DPA has imposed on Uber, following the €600,000 fine imposed in 2018 and another €10 million fine in 2023.
Specifically, the Dutch DPA discovered that Uber collected, among other things, sensitive information from drivers in Europe and stored it on servers in the EU, including data on taxi accounts and licenses, but also location data, photos, payment data, identity documents and, in some cases, even criminal and medical data of drivers.
For more than two years, Uber transferred this data to its headquarters in the US without using transfer tools, so the protection of personal data was not sufficient, says the Dutch Authority, recalling that the Court of Justice of the EU invalidated the so-called EU-US Privacy Shield in 2020.
“Uber has not complied with the GDPR requirements to ensure the level of data protection with regard to transfers to the US. This is very serious,” said Aleid Wolfsen, president of the Dutch DPA.
Uber, which has already ended the infringement, has expressed its opposition to this latest fine, the Dutch regulator said.
#Netherlands #fines #Uber #million #transferring #data
2024-08-28 05:37:53