Ride-hailing service Uber has been fined 290 million euros ($324 million) within the Netherlands for allegedly transferring private particulars of European drivers to the United States with out enough safety, the Dutch knowledge safety watchdog introduced on Monday.
Uber known as the choice flawed and unjustified and stated it could enchantment.
The Dutch Data Protection Authority (DPA) stated the info transfers spanning greater than two years amounted to a “serious” breach of the European Union’s General Data Protection Regulation (GDPR), which requires technical and organizational measures geared toward defending consumer knowledge.
“In Europe, the GDPR protects the fundamental rights of people, by requiring businesses and governments to handle personal data with due care,” Dutch DPA Chairperson Aleid Wolfsen stated in a press release.
“But sadly, this is not self-evident outside Europe. Think of governments that can tap data on a large scale. That is why businesses are usually obliged to take additional measures if they store personal data of Europeans outside the European Union,” Wolfsen famous.
“Uber did not meet the requirements of the GDPR to ensure the level of protection to the data with regard to transfers to the U.S. That is very serious.”
The DPA stated Uber collected delicate info of European drivers, together with taxi licenses, location knowledge, photographs, fee particulars, id paperwork, “and in some cases even criminal and medical data of drivers.”
Over a two-year interval, it stated, the data was transferred to Uber’s U.S. headquarters with out utilizing switch instruments.
“Because of this, the protection of personal data was not sufficient,” the DPA famous.
The EU has rolled out a sequence of guidelines for Big Tech companies and imposed enormous fines for breaches in recent times.
The DPA stated it began the investigation after greater than 170 French drivers complained to a human rights curiosity group, which then filed a grievance to France’s knowledge safety watchdog.
Under the GDPR, a business that processes knowledge in a number of EU international locations should cope with the info safety authority the place its primary workplace is situated. Uber’s European headquarters are within the Netherlands.
It is the DPA’s third high quality towards Uber, following fines of 600,000 euros in 2018 and 10 million euros final 12 months.
Uber insisted it did nothing mistaken.
“This flawed decision and extraordinary fine are completely unjustified,” the corporate stated in a press release.
“Uber’s cross-border data transfer process was compliant with GDPR during a three-year period of immense uncertainty between the EU and the U.S. We will appeal and remain confident that common sense will prevail,” it added.
The alleged breach got here after the EU’s high court docket dominated in 2020 that an settlement often called Privacy Shield that allowed hundreds of firms – from tech giants to small monetary companies – to switch knowledge to the United States was invalid as a result of the American authorities might eavesdrop on folks’s knowledge.
The Dutch knowledge safety company stated that following the EU court docket ruling, commonplace clauses in contracts might present a foundation for transferring knowledge exterior the EU, “but only if an equivalent level of protection can be guaranteed in practice.”
“Because Uber no longer used Standard Contractual Clauses from August 2021, the data of drivers from the EU were insufficiently protected,” the watchdog stated. It added that Uber has been utilizing the successor to Privacy Shield for the reason that finish of final 12 months, ending the alleged breach.
Source: www.dailysabah.com