Business
Dutch Watchdog Fines Uber $324 Million For Alleged Inadequate Protection Of Drivers’ Data
The Hague, Netherlands — The Dutch data protection authority fined Uber 290 million euros ($324 million) on Monday for allegedly sending European drivers’ personal information to the United States without proper protection. Uber termed the ruling erroneous and unjustified, and said that it will appeal.
The Dutch Data Protection Authority stated that more than two years of data transfers constituted a major violation of the European Union’s General Data Protection Regulation, which mandates technical and organisational safeguards to secure user data.
“In Europe, the GDPR protects people’s fundamental rights by requiring businesses and governments to handle personal data with care,” said Aleid Wolfsen, chairman of the Dutch Data Protection Authority.
Dutch Watchdog Fines Uber $324 Million For Alleged Inadequate Protection Of Drivers’ Data
“Unfortunately, this is not obvious outside of Europe. Consider governments that can collect vast amounts of data. That is why firms are typically required to take further precautions if they store the personal data of Europeans outside of the European Union. Uber did not meet the GDPR’s obligations to protect data during transfers to the United States. “That is extremely serious.”
Complaints started the case from 170 French Uber drivers, but the Dutch government imposed the fine because Uber’s European headquarters are in the Netherlands.
Uber said it had done nothing wrong.
“This faulty decision and the exorbitant fine are entirely unjustifiable. Uber’s cross-border data transfer mechanism complied with GDPR over a three-year period of extreme uncertainty between the EU and the United States. We will appeal, and we are convinced that common reason will win,” the corporation stated.
The alleged breach occurred after the EU’s top court declared in 2020 that the Privacy Shield deal, which allowed thousands of corporations ranging from internet behemoths to modest banking organizations to move data to the United States, was unlawful because the American government might snoop on people’s information.
The Dutch data protection agency stated that, following the EU court verdict, standard contract clauses could offer a basis for sending data beyond the EU, “but only if an equivalent level of protection can be guaranteed in practice.”
“Because Uber no longer used Standard Contractual Clauses from August 2021, the data of drivers from the EU were insufficiently protected,” a watchdog reported. It further stated that Uber has been using the successor to Privacy Shield since the end of last year, effectively terminating the claimed breach.
Dutch Watchdog Fines Uber $324 Million For Alleged Inadequate Protection Of Drivers’ Data
The Computer & Communications Industry Association, a computer industry advocacy group, said the sentence overlooked the reality of internet commerce following the 2020 EU court verdict.
“The world’s busiest internet route could not simply be halted for three years while governments worked to establish a new legal framework for these data flows,” the association’s European head of strategy, Alexandre Roure, said in a statement.
“Any retroactive fines by data protection authorities are especially worrisome given that these very privacy watchdogs failed to provide helpful guidance during this period of significant legal uncertainty, in absence of any clear legal framework,” according to him.
The Dutch data protection watchdog has fined Uber before, and Monday’s announcement is no exception. The agency penalised it ten million euros in January for failing to declare how long it stored data on European drivers or to identify non-EU countries with which the data was shared.
SOURCE | AP
