The Dutch data protection authority (Autoriteit Persoonsgegevens, AP) fined the American taxi ordering service Uber 290 million EUR for the transfer of personal data of European drivers to the USA, according to a message published on the department's website.
The kingdom's authorities consider such actions by the company to be a violation of the EU's General Data Protection Regulation (GDPR). In addition, according to AP chairman Aleide Wolfsen, Uber did not provide the necessary level of protection of personal data of drivers when they were transferred to its US headquarters. In this way, the company collects confidential information, including payment and driver identification card data, as well as medical information, and stores it on US servers without using the necessary tools to protect personal data.
The AP press office notes that the department launched an investigation into Uber after more than 170 French taxi drivers contacted the human rights group League for Human Rights, which in turn filed a complaint with the French regulator in the field of data protection. At the same time, the GDPR stipulates that companies processing data in different EU countries work with one supervisory authority – in the country where the regional headquarters of the company is located. Uber's European headquarters are in the Netherlands, so the AP was authorized under EU law to investigate the taxi service.
According to Reuters, Uber considers the decision of the Dutch authorities wrong and unfounded, the company intends to challenge it.
Uber is an American international company that created a mobile application of the same name for ordering taxis. The company was founded in 2009. Uber is headquartered in San Francisco, California.