The Dutch Data Protection Authority (DPA) fined Uber 290 million euros ($324 million). The regulator said it had fined Uber for transferring personal data of European drivers to the United States without applying proper security protocols.
The DPA alleges that for more than two years, Uber collected account details, certificates, location data, photographs, payment details and identity documents from European drivers and transferred them to servers located at its US headquarters. During this time, Uber did not use any data transfer tools; A decision that the DPA deems to be “inadequate protection”.
“Uber did not comply with the GDPR requirements to ensure the level of data protection on transfers to the United States,” the head of the DPA wrote in a statement.
The DPA of the Netherlands had previously fined Uber twice in 2018 and 2023 for $670,000 and $11.2 million, respectively.
