Uber faces €10M fine from Dutch watchdog for privacy breaches
The Dutch Data Protection Authority (DPA) fined Uber €10 million ($11 million) on Wednesday for not adhering to privacy regulations related to its drivers' personal data.
The DPA's investigation revealed that Uber's terms and conditions lacked clarity about the duration of data retention and the security measures for data transferred outside the European Economic Area (EEA) to unspecified countries.
Further, the DPA criticized Uber for hindering drivers from exercising their privacy rights, citing the company's overly complex process for personal data access requests. However, the authority acknowledged Uber's efforts to address these issues, with an Uber spokesperson noting that the company resolved several 'low impact' concerns raised by drivers, and most claims were deemed baseless.
Uber, committed to enhancing its data request procedures, faced this penalty following complaints from over 170 French drivers to a human rights organization in France. The complaint was initially filed with the French data protection authority but was transferred to the Dutch DPA due to Uber's European headquarters being in the Netherlands.