The Dutch information security guard dog on Monday located ride-hailing application Uber for a “serious violation” of the regulations by moving information regarding its vehicle drivers to web servers in the United States.
What the regulatory authority claimed
The regulatory authority hit Uber with a EUR290 million (about $324 million) charge for a violation of the European Union’s General Data Protection Regulation (GDPR).
The Dutch Data Protection Authority (DPA) claimed Uber gathered European vehicle drivers’ delicate info. This consisted of taxi licenses, pictures, repayment information, place info, identification files, “and in some cases even criminal and medical data of drivers.”
“Uber did not meet the requirements of the GDPR to ensure the level of protection to the data with regard to transfers to the US. That is very serious,” DPA chairman Aleid Wolfsen claimed.
Over 2 years, the DPA claimed, the info was moved to Uber’s United States head offices without utilizing transfer devices that filter info.
“Because of this, the protection of personal data was not sufficient,” the DPA claimed.
What was the action from Uber?
Uber claimed it would certainly appeal the penalty.
“This flawed decision and extraordinary fine are completely unjustified,” a spokesperson claimed.
“Uber’s cross-border data transfer process was compliant with GDPR during a three-year period of immense uncertainty between the EU and US. We will appeal and remain confident that common sense will prevail.”
The EU has actually generated regulations for huge technology companies and enforced large penalties for violations.
The DPA introduced an examination after greater than 170 French vehicle drivers grumbled to a French civils rights single-interest group that grumbled to the French information security guard dog.
Why was the Dutch regulatory authority included?
Businesses that refine information in numerous EU nations should handle the information security authority where its major workplace lies. Uber’s European head offices remain in the Netherlands.
“In Europe, the GDPR protects the fundamental rights of people, by requiring businesses and governments to handle personal data with due care,” the DPA’s Wolfsen claimed. “But sadly, this is not self-evident outside Europe. Think of governments that can tap data on a large scale. That is why businesses are usually obliged to take additional measures if they store personal data of Europeans outside the European Union.”
It’s the 3rd penalty that the DPA in the Netherlands has actually leveled versus Uber, after charges of EUR600,000 in 2018 and EUR10 million in 2015.
rc/msh (AFP, Reuters)