abusesaffiliationarrow-downarrow-leftarrow-rightarrow-upattack-typeburgerchevron-downchevron-leftchevron-rightchevron-upClock iconclosedeletedevelopment-povertydiscriminationdollardownloademailenvironmentexternal-linkfacebookfiltergenderglobegroupshealthC4067174-3DD9-4B9E-AD64-284FDAAE6338@1xinformation-outlineinformationinstagraminvestment-trade-globalisationissueslabourlanguagesShapeCombined Shapeline, chart, up, arrow, graphLinkedInlocationmap-pinminusnewsorganisationotheroverviewpluspreviewArtboard 185profilerefreshIconnewssearchsecurityPathStock downStock steadyStock uptagticktooltiptwitteruniversalityweb
Article

26 Aug 2024

Author:
Politico

Europe: Regulators fine Uber for sending drivers’ data onto servers in the United States; incl. company comment

"Uber fined €290 million for sending drivers’ data outside Europe"

Ride-hailing tech giant protests against what it called a “flawed decision.”

Dutch and French regulators Monday announced they slapped a €290 million fine on Uber for failing to properly protect the privacy of drivers when transferring data outside of the EU.

Regulators said Uber failed to sufficiently protect sensitive information of European drivers when transferring the data onto servers in the United States. The data included account details, taxi licences, location data, photos, payment details, identity documents, and in some cases even criminal and medical data of drivers.

"In Europe, the GDPR protects the fundamental rights of people, by requiring businesses and governments to handle personal data with due care," Aleid Wolfsen, the chairman of the Dutch regulator, said in a statement. "Sadly, this is not self-evident outside Europe. Think of governments that can tap data on a large scale." [...]

Data protection authorities already fined the United States-based company €10 million for several breaches of the General Data Protection Regulation (GDPR) last year.

Caspar Nixon, a spokesperson for Uber, said "this flawed decision and extraordinary fine are completely unjustified." He added that Uber will appeal the decision.

"Uber’s cross-border data transfer process was compliant with GDPR during a 3-year period of immense uncertainty between the EU and U.S.," he said, refering to a period when both bloc's had to revise their so-called adequacy decision that allowed companies to freely transfer data without complex contractual agreements.

The new Data Privacy Framework struck last year ended three years of legal limbo and headache for tech giants.

The Dutch decision "ignores reality," said Alexandre Roure, head of policy for tech industry association CCIA that has Uber as a member. "The busiest internet route in the world could not simply be put on hold for three entire years while governments worked to establish a new legal framework for these data flows."[...]

Privacy information

This site uses cookies and other web storage technologies. You can set your privacy choices below. Changes will take effect immediately.

For more information on our use of web storage, please refer to our Data Usage and Cookies Policy

Strictly necessary storage

ON
OFF

Necessary storage enables core site functionality. This site cannot function without it, so it can only be disabled by changing settings in your browser.

Analytics cookie

ON
OFF

When you access our website we use Google Analytics to collect information on your visit. Accepting this cookie will allow us to understand more details about your journey, and improve how we surface information. All analytics information is anonymous and we do not use it to identify you. Google provides a Google Analytics opt-out add on for all popular browsers.

Promotional cookies

ON
OFF

We share news and updates on business and human rights through third party platforms, including social media and search engines. These cookies help us to understand the performance of these promotions.

Your privacy choices for this site

This site uses cookies and other web storage technologies to enhance your experience beyond necessary core functionality.