Dutch DPA fines Uber €10 million for privacy violations
Dutch Data Protection Authority fines Uber for non-disclosure of data retention details and complicating driver access to personal data.
The Dutch Data Protection Authority (DPA) fined Uber Technologies €10 million for failing to disclose detailed information about how long it retains data related to the EU drivers and for not disclosing the names of countries outside the EEA where it shares data. Additionally, the DPA found that Uber made it unnecessarily complicated for drivers to access their personal data. While the Dutch DPA acknowledged that the Uber app contained a request form, it was not placed in a way that was reachable or easy to read.
The fine came after over 170 French drivers complained to a French human rights organization about Uber’s privacy handling. The case was forwarded to the Dutch DPA as Uber’s headquarters is in the Netherlands. When determining the fine, the Dutch DPA stated that it considered the violations’ severity and gravity.
Uber filed a notice of objection to the DPA’s decision, formally disagreeing with it, but the agency said Uber had subsequently taken action to address the violations.
About author
DW Team
The GIP Digital Watch Observatory team, consisting of over 30 digital policy experts from around the world, excels in the fields of research and analysis on digital policy issues. The team is backed by the creative prowess of Creative Lab Diplo and the technical expertise of the Diplo tech team.