Uber Fined €290M for GDPR Data Violations

The Dutch Data Protection Authority (DPA) has fined Uber €290 million ($324 million) for transferring European drivers' personal data to the US without adequate protection, violating GDPR regulations. This fine, the largest ever issued by the Dutch DPA, stems from complaints by over 170 French drivers. The DPA found that Uber failed to use required transfer tools, exposing sensitive data such as photos, IDs, and even medical and criminal records. Uber, which has been fined by the Dutch regulator twice before for other GDPR violations, plans to appeal the decision, insisting that their data transfer processes complied with GDPR during a period of regulatory uncertainty between the EU and US. DPA Chairman Aleid Wolfsen emphasized the importance of protecting European data when stored outside the EU.