The European Union takes the transfer of personal data very seriously, especially when the transfer is across borders. Its General Data Protection Regulation (GDPR) is in place to ensure the data transfers take into account the needed safeguards to protect privacy and that violation of the protection is to be held accountable. Uber is currently in hot waters for not adhering to the regulations and facing hefty fines, which might be one of the largest penalties for non-compliance with the rules.
Uber is facing a penalty of nearly USD 324 million for lack of compliance regarding personal data transfer
The General Data Protection Regulation passed by the European Union in 2016 changed how companies manage and share personal data. The GDPR requires companies to inform EU citizens explicitly about gathering their information. Uber has to face the brunt of this strict regulation as it is currently facing a fine of 290 million euros, which equates to about $324 million. This might be one of the largest fines imposed by the EU under this rule since it was implemented.
The penalty was levied by the Dutch Data Protection Authority (DPA), where Uber was held accountable for not abiding by the rules as it failed to safeguard European driver's personal information when it was being transferred to the U.S. Although Uber is not continuing the practice, it still has a huge fine to cater to.
The regulators, in their statement, expressed the seriousness of the issue and how it was taken lightly by Uber as they did not meet the given requirements. He expressed:
Uber did not meet the requirements of the GDPR to ensure the level of protection to the data with regard to transfers to the US.
The personal information retained was in violation of the GDPR and included sensitive data such as photos, payment details, licenses, identification documents, and even sometimes medical and criminal records. The data was moved without proper transfer tools that could ensure adequate protection of information. The lapse in security measures during the transfer posed some serious concerns regarding potential vulnerabilities and breaches.
Meta did receive a similar penalty in 2023 and was the largest fine imposed of about $1.3 billion. Other companies have also been held accountable for not ensuring sufficient protection. Uber has said to have appealed the ruling and suggested that the heavy fine is not justified given their compliance, and the decision was not fair. Uber's spokesperson, Caspar Nixon, wrote in an email:
Uber’s cross-border data transfer process was compliant with GDPR during a 3-year period of immense uncertainty between the EU and the US. We will appeal and remain confident that common sense will prevail.
Infringement of privacy regulations poses serious trouble for companies, and they are required to ensure data is safeguarded to avoid such heavy penalties.
Follow Wccftech on Google to get more of our news coverage in your feeds.
