You might not be thinking of your Cyber Security when getting in the back of an Uber, but recently they’ve had a heavy fine by the DPA. You might be wondering why they’ve just been hit with a massive €290 million fine. Well, the reason is from breaking EU data protection laws. The issue? They were caught sending personal data outside the EU without proper safeguards in place. It’s always the one you least expect!
How can Uber get fined for Data Protection?!
This hefty fine was handed down by the Dutch Data Protection Authority (DPA). Also, by a watchdog partnership with the French agency CNIL. Uber and its parent company, Uber Technologies, were found jointly responsible for this situation.
To put this fine in perspective, it’s around 4% of Uber’s global revenue. This was about €34.5 billion in 2023. No small change, for sure. The drama continues here as Uber plan to fight the fine, as probably any business would.
What did Uber do?
So, where did it all go wrong? The DPA discovered that Uber was transferring data from European taxi drivers to the U.S. without the necessary protections in place. This is a major violation of the EU’s General Data Protection Regulation (GDPR).
The watchdog had previously received a collective complaint from La Ligue des droits de l’Homme, representing over 170 Uber drivers. It turns out, Uber had been collecting all sorts of sensitive information—account details, licenses, location data, photos, payment details, and even some drivers’ criminal and medical records—and sending it to the U.S. for more than two years. And all this without the proper legal protections required by the GDPR.
Aleid Wolfsen, the head of the Dutch DPA, emphasized that the GDPR is there to protect people’s fundamental rights by ensuring companies and governments treat personal data with care. Unfortunately, this doesn’t seem to be a given outside Europe.
Conclusion
This latest fine is actually the biggest one ever issued by the DPA, according to Bloomberg.
I know earlier I mentioned that you wouldn’t expect Uber to be fined by the DPA, but this isn’t Uber’s first rodeo. Back in December 2023, they were slapped with a €10 million fine for not providing clear information to drivers and for other privacy issues. And let’s not forget the €600,000 fine in 2018 after a cybersecurity incident exposed the personal data of 57 million Uber users globally. The truth is that any business/organisation, or even individual can be fined if they have personal information of others and don’t adhere to the guidelines. Everyone has to play by the same book.
We hope you’ve liked this blog and that you’ll stick around to see our future releases. We cover everything from recent IT News to Knowledgebase articles. Thanks for reading!