Uber has been served with a huge EU fine for data protection failures. The Dutch Data Protection Authority imposed a fine worth €290 million on Uber, which is roughly $325 million. This is due to breaching the protection of the drivers’ data against the General Data Protection Regulation.
The investigation revealed that Uber was collecting sensitive information about drivers, including account information, taxi licenses, and location data. Additionally, the company facilitated storage of that information on servers located in the US, while not providing proper transfer tools. The protection of personal data simply was not good enough.
This fine comes after a complaint from 170 French Uber drivers. The case was referred to the Dutch DPA because Uber’s European headquarters is based in the Netherlands. Remarkably, this is not the first time that Uber has run afoul of the GDPR.
Earlier, the company was fined over similar data privacy issues, in 2018, it received a fine of €600,000 for a data breach, and in 2023, it faced another €10 million related to privacy issues concerning European drivers.
Uber plans to appeal the ruling. The Dutch DPA did, however, confirm that the company has “ended the violation”. Other tech giants were fined a high amount for GDPR non-compliance, showing that the EU has by no means slackened its interest in data protection laws.