"Uber hit with $324 million EU fine for improper data transfer", 26 August 2024

Uber is facing a fine of 290 million euros ($347 million USD) after improperly transferring driver data from the EU to the US in one of the largest penalties levied under the European Union’s General Data Protection Regulation (GDPR) since its inception.

...

The fine was imposed by the Dutch Data Protection Authority (DPA), which accused Uber of failing to “properly safeguard” European drivers’ personal data while transferring it to the United States. Uber has since ceased the practice, DPA added.

...

The DPA started investigating the data transfer after 170 French Uber drivers complained to a human rights organization, which passed it along to the French DPA. Uber’s European headquarters is in the Netherlands, which allowed that country’s DPA to lead the investigation.

...

Uber was found to have retained “sensitive data” from drivers on US-based servers in violation of the GDPR. The data included account details and taxi licenses, as well as location data, photos, payment details, identity documents, and in some cases, even criminal and medical data of drivers, the DPA said. Uber moved the data without the use of transfer tools, without which the protection of the data was insufficient, the group added.

Uber said it planned to appeal the ruling.

...