The Dutch data protection regulator has today issued a $324m (KES 41.796 billion) fine on the ride-hailing app Uber. Uber was penalized by the regulator for failing to properly protect the privacy of drivers when transferring data outside of the European Union (EU). This follows the transfer of driver’s data from Europe to US servers.
According to the Dutch Data Protection Authority (DPA), driver details transferred include ID documents, taxi licenses, location data, photos, and payment details. The watchdog claims that in a number of instances, Uber had even collected and transmitted criminal and medical data. This data was transmitted across the Atlantic to Uber’s USA headquarters for two years. DPA found this activity to be a gross violation of the EU’s General Data Protection Regulation (GDPR).
In addition to the transfer of data to the United States, authorities allege that the data was not adequately protected.
“In Europe, the GDPR protects the fundamental rights of people, by requiring businesses and governments to handle personal data with due care,” Mr. Aleid Wolfsen, Chairman of the DPA said.
This collective complaint was actually from French Uber drivers who were represented by the Human Rights League. However, the investigation was handled by Dutch regulators as Uber’s European operations are based there.
READ: Little Cab and Uber Clients to Pay More Following Driver Protests
Uber has stated it will appeal the judgment which the company believes is wrong and the fine unjustified. Caspar Nixon, a spokesperson for Uber, said, “Uber’s cross-border data transfer process was compliant with GDPR during a 3-year period of immense uncertainty between the EU and U.S,”
The DPA has now fined Uber for a third time, with previous penalties in 2018 and USD 11.17 million last year.