Uber has been fined €290 million (approximately $324 million) by the Dutch Data Protection Authority (DPA) for illegally transferring personal data of European drivers to U.S. servers, violating the EU's General Data Protection Regulation (GDPR). This enforcement action was prompted by a complaint from 170 French taxi drivers, who raised serious concerns regarding Uber's handling of sensitive data, including taxi licenses, location data, and payment details [d26fee47].
The DPA's investigation revealed that Uber had transferred driver data over a two-year period without implementing adequate protection measures, leading to this substantial penalty. This ruling represents Uber's third fine from the DPA, following previous penalties of 600,000 euros in 2018 and 10 million euros in 2023 for similar violations [d26fee47].
In response to the ruling, Uber has announced its intention to appeal, claiming that the fine is 'extraordinary and unjustified.' The company asserts that it has complied with GDPR regulations and has ceased the transfers in question [d26fee47].
This latest development comes amid ongoing scrutiny of Uber's labor practices and the classification of its drivers. As the company navigates these challenges, the implications of this fine could complicate its operations in Europe, particularly as it seeks to maintain its business model while adhering to stringent data protection laws [d26fee47].
Additionally, the ongoing unionization efforts in Massachusetts and regulatory discussions in Hong Kong reflect a broader trend of increasing demands for accountability and protection for gig workers and data privacy. As Uber adapts to these evolving landscapes, the outcomes of these challenges will be critical in shaping the future of the ride-hailing industry [d26fee47].