Uber has been hit with a monster fine in the EU for failing to safeguard the transfer of driver data.
On Monday, the Dutch Data Protection Authority (DPA) announced that it is fining Uber 290 million euros, or $325 million USD, for violating the EU’s sweeping General Data Protection Regulation (GDPR) laws.
Uber accused of insufficient protection of personal data
According to the Dutch DPA investigation, Uber collected sensitive data about its drivers — including account details, taxi licenses, location data, photos, payment details, identity documents, and criminal and medical data — and stored them on US servers without using proper “transfer tools” for transferring data outside of the EU. “Because of this, the protection of personal data was not sufficient,” said the announcement.
Mashable Light Speed
Want more out-of-this world tech, space and science stories?
Sign up for Mashable’s weekly Light Speed newsletter.
By signing up you agree to our Terms of Use and Privacy Policy.
Thanks for signing up!
The fine is the end result of a complaint filed by 170 French Uber drivers to a France-based human rights group. The complaint was then escalated to the Dutch DPA since Uber’s European headquarters is in the Netherlands.
This isn’t the first time the EU has brought the hammer down on Uber for data privacy violations. In 2018, the transportation and delivery giant was fined 600,000 euros for a data breach and 10 million euros in 2023 for privacy infringement of its European drivers.
Other Big Tech companies have faced the consequences of the EU’s strict laws around protecting user data. In 2021, Amazon was slapped with a $886 million penalty for failing to comply with the GDPR, and more recently, Meta was hit with a whopping $1.3 billion fine for improper transfer of data to the US.
The Dutch DPA said in its announcement that Uber has “ended the violation.” However, in a statement to The Verge, Uber says it plans to appeal the ruling.