Uber fined $324M over EU drivers data transfer breach
Ride-hailing platform Uber has been fined €290 million -- around $324 million at current exchanges rates
Ride-hailing platform Uber has been fined €290 million — around $324 million at current exchanges rates — by the Netherlands’ privacy watchdog for breaching the European Union’s General Data Protection Regulation (GDPR).
The penalty is related to transfers of personal data of drivers out of the European Union to the US, where Uber’s main business is located. The GDPR allows for fines of up to 4% of global annual turnover to be levied for non-compliance.
Uber’s full year revenue for 2023 was around €34.5 billion — so the level of sanction is well below that maximum. However, it is still a notable amount as it’s among the largest penalties levied on a tech company since the GDPR began operating back in 2018.
The fine is the outcome of a series of complaints made by more than 170 Uber drivers in France back in 2021. The Dutch regulator, the Autoriteit Persoonsgegevens (or AP), leads on GDPR oversight of Uber as the company has its main EU establishment in the country. It investigated complaints over how the company processes the drivers’ personal data. Complaints were submitted through a human rights organization, Ligue des droits de l’Homme (LDH), to France’s privacy watchdog and then passed to the AP.
In January, Uber was fined €10 million for data access rights pertaining to the same complaints. But the new fine announced Monday dwarfs the earlier penalty — landing it a new spot on the list of tech giants stung with the ten biggest GDPR fines, just below mid-table.
The size of the penalty reflects the seriousness of the breach, per the AP, which wrote in a press release that Uber had failed to “appropriately safeguard” data which it transferred out of the EU — dubbing that “a serious violation”.
Article