1. Skip to content
  2. Skip to main menu
  3. Skip to more DW sites

Dutch watchdog fines Uber over driver data protection

August 26, 2024

A regulator in the Netherlands has slapped ride-hailing app Uber with a €290 million fine for transferring European drivers' data to the US. The firm described the decision as "extraordinary."

https://p.dw.com/p/4juUd
Uber logo is seen outside the company's headquarters in San Francisco, California
The Dutch regulator has fined Uber twice already, in 2018 and last yearImage: Josh Edelson/AFP

The Dutch data protection watchdog on Monday fined ride-hailing app Uber for a "serious violation" of the rules by transferring data about its drivers to servers in the United States.

What the regulator said

The regulator hit Uber with a €290 million (roughly $324 million) penalty for a breach of the European Union's General Data Protection Regulation (GDPR).

The Dutch Data Protection Authority (DPA) said Uber collected European drivers' sensitive information. This included taxi licenses, photos, payment details, location information, identity documents, "and in some cases even criminal and medical data of drivers."

"Uber did not meet the requirements of the GDPR to ensure the level of protection to the data with regard to transfers to the US. That is very serious," DPA chairman Aleid Wolfsen said.

Over two years, the DPA said, the information was transferred to Uber's US headquarters without using transfer tools that filter information.

"Because of this, the protection of personal data was not sufficient," the DPA said.

What was the response from Uber?

Uber said it would appeal the fine.

"This flawed decision and extraordinary fine are completely unjustified," a spokesperson said.

"Uber's cross-border data transfer process was compliant with GDPR during a three-year period of immense uncertainty between the EU and US. We will appeal and remain confident that common sense will prevail."

The EU has brought in rules for big tech firms and imposed hefty fines for breaches.

Identity theft: How secure is your personal data online?

The DPA launched an investigation after more than 170 French drivers complained to a French human rights interest group that complained to the French data protection watchdog.

Why was the Dutch regulator involved?

Businesses that process data in several EU countries must deal with the data protection authority where its main office is located. Uber's European headquarters are in the Netherlands.

"In Europe, the GDPR protects the fundamental rights of people, by requiring businesses and governments to handle personal data with due care," the DPA's Wolfsen said. "But sadly, this is not self-evident outside Europe. Think of governments that can tap data on a large scale. That is why businesses are usually obliged to take additional measures if they store personal data of Europeans outside the European Union."

It's the third fine that the DPA in the Netherlands has leveled against Uber, after penalties of €600,000 in 2018 and €10 million last year.

rc/msh (AFP, Reuters)

Correction: The initial picture caption contained a spelling mistake. The year read 2108 instead of 2018. This has now been corrected. We apologize for the initial error.