Netherlands Fines Uber $324M Over Data Breach
0:00
/1861
Facts
- The Dutch Data Protection Authority (DPA) Monday announced that it fined ride-sharing company Uber €290M ($324M) for transferring Europeans' data to its US-based headquarters. Uber's European headquarters is in the Netherlands.[1]
- The DPA alleges that the transfer of data over a two-year period — including account information, taxi licenses, photos, identification documents, and some criminal and medical data — violated the EU's General Data Protection Regulation (GDPR).[2][3]
- Although companies are allowed to transfer such data to the US, the GDPR requires that it be done with certain transfer tools to ensure the data is safe. The DPA said Uber's 'protection of personal data was not sufficient.'[4]
- The DPA began its initial investigation at the behest of 170 Uber drivers who claimed their data privacy was violated. They were represented by the French group Human Rights League.[2]
- In defense of Uber, the Computer & Communications Industry Association (CCIA Europe) said the European Commission last year ruled that Uber didn't have to change its data transfer policies, calling these fines 'retroactive' penalties from 2020-2023, during which there was no 'clear legal framework.'[5]
Sources: [1]BBC News, [2]New York Times, [3]Verge, [4]Barrons and [5]Euronews.
Narratives
- Narrative A, as provided by Autoriteit Persoonsgegevens. The GDPR established clear guidelines for companies who wish to transport data out of Europe and into other countries. But Uber decided to handle this incredibly personal information without care, so it must be hit with a severe fine. Now that Uber has been found guilty three times, hopefully, it will begin to follow the rules over users' privacy.
- Narrative B, as provided by Europeanconservative. It's ironic that European authorities are chastising Uber at the same time their own parliament is being sued for being careless with people's data. A cyber attack exposed the sensitive personal data of some 8K European Parliament workers, and the government failed to disclose the breach for months. The EU should get its own house in order before it goes after Uber.