Dutch DPA fines Uber €10 million for privacy violations
Dutch Data Protection Authority fines Uber for non-disclosure of data retention details and complicating driver access to personal data.
The Dutch Data Protection Authority (DPA) fined Uber Technologies €10 million for failing to disclose detailed information about how long it retains data related to the EU drivers and for not disclosing the names of countries outside the EEA where it shares data. Additionally, the DPA found that Uber made it unnecessarily complicated for drivers to access their personal data. While the Dutch DPA acknowledged that the Uber app contained a request form, it was not placed in a way that was reachable or easy to read.
The fine came after over 170 French drivers complained to a French human rights organization about Uber’s privacy handling. The case was forwarded to the Dutch DPA as Uber’s headquarters is in the Netherlands. When determining the fine, the Dutch DPA stated that it considered the violations’ severity and gravity.
Uber filed a notice of objection to the DPA’s decision, formally disagreeing with it, but the agency said Uber had subsequently taken action to address the violations.