Uber(UBER) TechXplore·2024-08-26 11:35Core Viewpoint - Uber has been fined 290 million euros ($324 million) by the Dutch Data Protection Authority for serious violations of the EU's General Data Protection Regulation (GDPR) regarding the transfer of personal data of European drivers to US servers [1][2]. Group 1: Regulatory Actions - The fine was imposed following a complaint from over 170 French drivers, highlighting the serious nature of the data protection violations [1][6]. - The Dutch DPA stated that Uber failed to protect driver information adequately during the transfer to the US, which constitutes a serious violation of GDPR [2][3]. - This is the third fine against Uber by the DPA, following previous fines of 600,000 euros in 2018 and 10 million euros in the previous year [7]. Group 2: Data Protection Violations - Uber collected sensitive information from European drivers, including taxi licenses, location data, payment details, and in some cases, criminal and medical data, which were transferred to its US headquarters without proper safeguards [3][6]. - The DPA noted that the lack of appropriate transfer tools resulted in insufficient protection of personal data [3]. Group 3: Company Response - Uber plans to appeal the fine, which will suspend the penalty during the appeal process that could take up to four years [4]. - The company argues that its data transfer processes were compliant with GDPR during a period of uncertainty regarding EU-US data transfers, particularly after the invalidation of the EU-US Privacy Shield in 2020 [8][9]. Group 4: Context of Data Transfers - The investigation was initiated after complaints were filed by a French human rights interest group, emphasizing the importance of GDPR compliance for businesses operating in multiple EU countries [6]. - The uncertainty regarding data transfers between the US and EU has been a significant issue since the invalidation of the Privacy Shield, with a new framework adopted by the European Commission last year [8].