Uber Hit by a €290M Fine for Breaching EU’s GDPR

by
Krishi Chowdhary
from Techreport on (#6Q9X0)
Uber-1200x674.jpg
  • The Dutch DPA announced on Monday that Uber is getting hit by a massive 290m ($324m) fine for transferring the data of EU drivers to its US servers.
  • The investigation was triggered after more than 170 French drivers complained about their data being shipped off to the US.
  • Uber feels this fine is unjust and has decided to appeal against it.

Uber-300x169.jpg

Uber, the popular online cab service, has been hit by a 290m ($324m) fine for violating EU laws and transferring the personal information of its European drivers to its US servers over a period of 2 years.

Transferred information includes :

  • Driver's license
  • Payment deals
  • Medical records
  • Criminal records
  • ID documents
  • Location data

The news came from The Dutch Data Protection Authority (DPA) on Monday which said that these transfers were a severe violation of the EU's General Data Protection Regulation (GDPR).

What added to the problem is that the data was sent over without the use of proper transfer tools" which means it wasn't adequately protected. When businesses send data outside the EU, they are required to take additional precautions but Uber didn't do so.

As a result, more than 170 French Uber drivers filed complaints against the company which led to an investigation by the Dutch DPA.

Interestingly, this isn't the first time that Uber has gotten in trouble with the DPA.

  • The first incident happened in 2018 when the DPA imposed a fine of 600,000 on Uber for failing to report a data breach.
  • Then again earlier this year, another fine of 10 million was imposed on the company for failing to disclose its data retention practices with regards to the data of EU drivers.
  • The company apparently refused to say which countries the data was being sent to, denying its drivers their right to privacy.
What Does Uber Have to Say About This?

Uber feels this fine is unjustified" and has decided to challenge it. In a statement, a spokesperson for the company said that Uber's cross-border data transfer process was perfectly compliant with GDPR during a three-year period of immense uncertainty between the EU and the US.

The uncertainty here refers to the EU striking down of the EU-US Privacy Shield agreement and the years that followed during which both parties tried to establish a safe way to transfer data.

It's not that one cannot transfer data from the EU to the US. However, there's a lot of uncertainty about when you can do it and whether you need any special authorization or not.

The Computer and Communications Industry Association of Europe seems to side with Uber here. It said that the three-year gap between the abolition of the EU-US Privacy Shield agreement and the implementation of the new Data Privacy Framework in 2023 left businesses with no legal way to transfer data.

And although the new law framework has helped smoothen out things, it can't make up for the three-year gap. And you can't expect businesses to put their operations on hold for three years either.

Meanwhile, if Uber does decide to appeal against the fine, it needs to file the objection within a week.

The post Uber Hit by a 290M Fine for Breaching EU's GDPR appeared first on The Tech Report.

External Content
Source RSS or Atom Feed
Feed Location https://techreport.com/feed/
Feed Title Techreport
Feed Link https://techreport.com/
Reply 0 comments