The Dutch data protection watchdog slapped a 290 million euro ($324 million) fine Monday on ride-hailing service Uber for allegedly transferring personal details of European drivers to the United States without adequate protection. Uber called the decision flawed and unjustified and said it would appeal.
The Dutch Data Protection Authority said the data transfers spanning more than two years amounted to a serious breach of the European Union’s General Data Protection Regulation, which requires technical and organizational measures aimed at protecting user data.
“In Europe, the GDPR protects the fundamental rights of people, by requiring businesses and governments to handle personal data with due care,” Dutch DPA chairman Aleid Wolfsen said in a statement.
“But sadly, this is not self-evident outside Europe. Think of governments that can tap data on a large scale. That is why businesses are usually obliged to take additional measures if they store personal data of Europeans outside the European Union. Uber did not meet the requirements of the GDPR to ensure the level of protection to the data with regard to transfers to the U.S. That is very serious.”
The case was initiated by complaints from 170 French Uber drivers, but the Dutch authority issued the fine because Uber’s European headquarters is in the Netherlands.
Uber insisted it did nothing wrong.
“This flawed decision and extraordinary fine are completely unjustified. Uber’s cross-border data transfer process was compliant with GDPR during a 3-year period of immense uncertainty between the EU and U.S. We will appeal and remain confident that common sense will prevail,” the company said in a statement.
The alleged breach came after the EU’s top court ruled in 2020 that an agreement known as Privacy Shield that allowed thousands of companies — from tech giants to small financial firms — to transfer data to the United States was invalid because the American government could snoop on people’s data.
The Dutch data protection agency said that following the EU court ruling, standard clauses in contracts could provide a basis for transferring data outside the EU, “but only if an equivalent level of protection can be guaranteed in practice.”
“Because Uber no longer used Standard Contractual Clauses from August 2021, the data of drivers from the EU were insufficiently protected,” the watchdog said. It added that Uber has been using the successor to Privacy Shield since the end of last year, ending the alleged breach.
The Computer & Communications Industry Association, an advocacy group for tech companies, said the fine ignored the realities of online business in the aftermath of the 2020 EU court ruling.
“The busiest internet route in the world could not simply be put on hold for three entire years while governments worked to establish a new legal framework for these data flows,” the association’s European head of policy, Alexandre Roure, said in a statement.
“Any retroactive fines by data protection authorities are especially worrisome given that these very privacy watchdogs failed to provide helpful guidance during this period of significant legal uncertainty, in absence of any clear legal framework,” he added.
Monday’s announcement is not the first time the Dutch data protection watchdog has fined Uber. In January, the agency fined it 10 million euros over what it said was the company’s failure to disclose how long it retained data from drivers in Europe or to name non-EU countries it shared the data with.