Uber (UBER.N), opens new tab has been fined for sending European taxi drivers’ personal information to the US against EU regulations, the Dutch data protection watchdog DPA announced on Monday. The DPA stated that Uber had discontinued the practice.
According to Uber spokesperson Caspar Nixon, “this flawed decision and extraordinary fine are completely unjustified,” Reuters was emailed. “During a three-year period of immense uncertainty between the EU and the U.S., Uber’s cross-border data transfer process was compliant with GDPR,” he continued. The business expressed confidence that “common sense will prevail” and announced plans to file an appeal.
Uber failed to adequately secure personal data that it transmitted to the United States, according to the DPA. “This constitutes a serious violation of the General Data Protection Regulation (GDPR),” it stated.
Uber has the option to submit an appeal with the DPA and, in the event that it is denied, to take its case before the Dutch courts. According to the DPA, the appeals procedure should take around four years, and any fines are deferred until all available legal options have been used.
The inquiry began when a French human rights organization filed a complaint with the nation’s data protection authorities on behalf of over 170 cab drivers. It was sent to the DPA instead, though, because Uber’s European headquarters are located in the Netherlands.
In a different statement, the French national data protection authority, CNIL, stated that it had worked with the DPA.
In a separate instance, Uber was fined 10 million euros ($11 million) by the DPA in January for violating privacy laws pertaining to the personal information of its drivers.
