Home > Latest News > Uber Fined $478 Million For ‘Serious’ Data Breaches

Uber Fined $478 Million For ‘Serious’ Data Breaches

It began with complaints from more than 170 French Uber drivers, and ended with the ride share company being slapped with a 290 million euro (A$478 million) fine for transferring data across the Atlantic without taking satisfactory precautions.

In some cases it included drivers’ medical data and criminal histories.

The Dutch Data Protection Authority (DPA) said it started the investigation into Uber after the drivers complained to a French human rights group, which then made representations to the French DPA.

According to Europe’s General Data Protection Regulation (GDPR), “businesses that process data in several EU Member States have to deal with one DPA: the authority in the country in which the business has its main establishment”. 

Uber’s European headquarters is based in the Netherlands. 

“During the investigation, the Dutch DPA closely cooperated with the French DPA and coordinated the decision with other European DPAs,” said the Dutch DPA.

The Dutch DPA found that “Uber transferred personal data of European taxi drivers to the United States and failed to appropriately safeguard the data with regard to these transfers … this constitutes a serious violation of the GDPR. In the meantime, Uber has ended the violation.”

Dutch DPA chairman Aleid Wolfsen said European countries required business and government to “handle data with due care … but sadly, this is not self-evident outside Europe. Think of governments that can tap data on a large scale. That is why businesses are usually obliged to take additional measures if they store personal data of Europeans outside the European Union.” 

All DPAs in Europe employ the same calculation when setting fines. The maximum is 4% of the worldwide annual turnover of a business.

“Uber had a worldwide turnover of around 34.5 billion euro in 2023,” the Dutch DPA said.

It noted “Uber has indicated its intent to object to the fine”.

The BBC quoted Uber: “Uber’s cross-border data transfer process was compliant with GDPR during a three-year period of immense uncertainty between the EU and US. This flawed decision and extraordinary fine are completely unjustified.”

The Dutch DPA found that “Uber collected, among other things, sensitive information of drivers from Europe and retained it on servers in the US. It concerns account details and taxi licences, but also location data, photos, payment details, identity documents, and in some cases even criminal and medical data of drivers. For a period of over 2 years, Uber transferred those data to Uber’s headquarters in the US, without using transfer tools.”

This is the third fine the Dutch DPA has imposed on Uber – the previous being a 600,000 euro fine in 2018 and a 10 million euro fine in 2023 (Uber has objected to this fine).



You may also like
Cybercriminal Claims They Hacked Into Apple And AMD Days Apart
Bunnings Is Australia’s Most Trusted Brand, Woolworths Drops After Woke Campaign
ACMA Fines Outdoor Supacentre $300,000
Uber Drivers Can Soon Be Hired For Chores
Kmart Fined $1.3 Million Over Spam Emails & Ignored Warnings

Popular Posts

LG Cuts Costs After Failing To Hire New Sales Director After Exit Of Richardson
Latest News
/
/
Switch Game Library Will Be Compatible With Successor: Nintendo
Latest News
/
/
REVIEW: It’s Party Box Time & BlueAnt Has A New Speaker That Comes With Two Free Wireless Mics
Latest News
/
/
CEDIA Show Takes A Dive, Will It Survive
Latest News
/
/
Is Apple Pushing Back OLED Over Cost And Supply Chain?
Latest News
/
/

Digital Magazines

Recent Post

LG Cuts Costs After Failing To Hire New Sales Director After Exit Of Richardson
Latest News
/
//
Comments are Off
It appears that LG Electronics has moved to slash costs as opposed to hiring a new Sales Director, following the...
Read More