DUTCH REGULATOR FINES UBER €290 MILLION FOR DATA BREACH. (PHOTO).

 Dutch Regulator Fines Uber €290 Million for Data Breach

The Dutch Data Protection Authority (DPA) announced on Monday that it has fined Uber 290 million euros, approximately $324 million, for transferring the personal data of European drivers to U.S. servers. According to the regulator, these transfers constituted a "serious violation" of the European Union's General Data Protection Regulation (GDPR) because Uber failed to adequately protect the drivers' information. "Uber did not meet the requirements of the GDPR to ensure the level of protection to the data concerning transfers to the U.S. That is very serious," said Aleid Wolfsen, chairman of the Dutch Data Protection Authority, in a statement.

The DPA detailed that Uber had collected sensitive information from European drivers, including taxi licenses, location data, photos, payment details, identity documents, and in some cases, even criminal and medical data. Over a period of two years, this information was transferred to Uber’s U.S. headquarters without using proper data transfer tools. “Because of this, the protection of personal data was not sufficient,” the DPA stated, highlighting the lack of adequate safeguards as a key factor in their decision to impose the fine.

In response, Uber has vowed to appeal the fine, describing the decision as flawed and the penalty as excessive. “This flawed decision and extraordinary fine are completely unjustified,” an Uber spokesperson said. The spokesperson further argued that Uber's cross-border data transfer process was compliant with GDPR during three years of "immense uncertainty" between the EU and the U.S. "We will appeal and remain confident that common sense will prevail," the statement concluded.