€290 million fine for Uber

Uber, one of the largest providers of transportation services, will apparently have to accept the decision of the Dutch data protection authority (DPA), which imposed a fine of 290 million euros on them for transferring the personal data of European drivers to servers in the United States in violation of the rules of the European Union .

With the transfer, the company is said to have seriously violated the EU General Data Protection Regulation (GDPR), and at the same time they did not ensure adequate data security. The data, including personal documents, taxi licenses and location data, was transferred to the company's US headquarters over two years, according to the watchdog. Uber said it would appeal the fine, which it called "unjustified."

"Uber's cross-border data transfer process has been GDPR compliant during a three-year period of great uncertainty between the EU and the US," said an Uber spokesperson.

The transfer of data to the US is permitted under EU law, but there are certain conditions when this is feasible without the need for additional approval.

The head of the data protection authority, Aleid Wolfsen, said the company failed to meet GDPR requirements to "ensure the level of data protection in relation to transfers in the US". The data protection authority said Uber collected sensitive data from European drivers, including taxi licences, location data, photos, payment details, personal documents, "and in some cases even drivers' criminal and medical details".

The start of the investigation was triggered by a complaint from more than 170 French drivers. This is the third fine for Uber, which has already received fines of €600,000 and €10 million in previous years.

It is far from the only company that has had to pay a fine due to GDPR. TikTok had to pay 345 million euros for violating the privacy of children under GDPR rules.