Experience-hailing service failed to offer enough safety to information generated in EU
Commerce
Dutch regulator The Private Information Authority has fined Uber €290 million below the Normal Information Safety Regulation (GDPR) for transferring private information of European cab drivers to the US with out enough enough safety.
The Authority discovered Uber collected delicate info from drivers in Europe and saved it on servers within the US. This included account info and cab licenses, location information, pictures, fee info, IDs, and in some instances even prison and medical information.
Uber transmitted that information to its US headquarters in San Francisco for greater than two years with out utilizing a switch instrument that anonymised info.
The EU Courtroom of Justice declared Privateness Defend – the authorized instrument making certain information on European residents wouldn’t be transferred to the US – invalid in 2020. In line with the Courtroom, mannequin contracts might nonetheless present a legitimate foundation for information transfers to nations exterior the EU. However provided that an equal degree of safety will be assured in follow. As a result of Uber didn’t use a mannequin contract as of August 2021, the info of EU drivers was inadequately protected, in accordance with the Private Information Authority.
Uber has been utilizing the successor to Privateness Defend – the EU-US Information Privateness Framework – since late final yr.
The Authority launched an investigation into Uber after greater than 170 French drivers filed a grievance with the Ligue des droits de l’Homme (LDH), a French human rights advocacy organisation. LDH then filed a grievance with the French privateness regulator.
The GDPR regulates that firms processing information in several EU nations should cope with one privateness regulator: the one within the nation the place the corporate is predicated. Uber’s European headquarters is within the Netherlands. In the course of the investigation, the AP labored intently with the French regulator and coordinated the choice with different European regulators.
That is the third nice imposed by the AP on Uber. In 2018, it was hit with a €600,000 nice on Uber, and in 2023, a €10 million nice. Uber objected to the latter nice.
