Dutch Watchdog fines Uber €290 million for data transfer violations

Uber plans to appeal against the fine imposed for breaching GDPR with data transfers.

Uber was fined €290 million in the Netherlands for transferring European drivers' data to the US, breaching GDPR.

American multinational transportation company Uber faces a significant penalty of €290 million in the Netherlands for transferring the personal data of European taxi drivers to the United States. The Dutch Data Protection Authority (DPA) ruled that the ride-hailing company violated the General Data Protection Regulation (GDPR) by failing to safeguard the data appropriately. Data transfer to the US was deemed a serious breach of the EU privacy laws.

Uber, which has halted the practice, plans to appeal the fine, arguing that its data transfer process complied with GDPR during legal uncertainty between the EU and the US. The appeal process could extend over four years, during which any fines will be suspended.

The case originated from a complaint by a French human rights organisation on behalf of over 170 taxi drivers in France. Although the complaint was initially filed with France’s national data protection regulator, CNIL, it was forwarded to the Dutch DPA because Uber’s European headquarters is in the Netherlands.

Earlier this year, Uber was also fined €10 million by the DPA for other privacy infringements involving its drivers’ data. These fines reflect increasing scrutiny over how global tech companies handle sensitive data across borders.