(Reuters) – The Dutch data protection authority, the DPA, in cooperation with France’s Commission Nationale de l’Informatique et des Libertés (CNIL), has fined Uber 290 million euros ($325 million) for transferring personal data outside the European Union without sufficient safeguards, the CNIL said on Monday.
“Following the investigations carried out, the Dutch Data Protection Authority has found that the processing of personal data of drivers for which UBER BV and UBER TECHNOLOGIES INC. are jointly responsible is being transferred to the United States,” the CNIL said in a press release, specifying that these transfers violated the General Data Protection Regulation (GDPR).
Reacting to this “extraordinary” fine, Uber denounced a “biased decision” and a “totally unjustified” sanction, assuring that it had complied with the GDPR during a three-year period of “immense uncertainty” in terms of data transfer between Europe and the United States.
The CNIL had received a collective complaint from the association La Ligue des droits de l’Homme (LDH), representing more than 170 French drivers of the Uber platform concerning the information of individuals and the transfers of personal data outside the EU.
The Dutch data protection authority was competent to conduct investigations into this case, as Uber has its main establishment in the Netherlands, specifies the CNIL.
The DPA had already issued a first fine of ten million euros last December for several failures to inform drivers.
(Written by Diana Mandiá, edited by Tangi Salaün)
Copyright © 2024 Thomson Reuters
I have over 8 years of experience working in the news industry. I have worked as a reporter, editor, and now managing editor at 247 News Agency. I am responsible for the day-to-day operations of the news website and overseeing all of the content that is published. I also write a column for the website, covering mostly market news.
