Uber—Uber fined €290 million by Dutch DPA for transferring EU driver data to US without adequate protection
Dutch Data Protection Authority fined Uber €290 million for transferring personal data of EU drivers to the United States without adequate protection between August 6, 2021 and November 21, 2023. Data included account details, taxi licenses, location data, photos, payment details, identity documents, and in some cases criminal and medical data of drivers. Uber stopped using Standard Contractual Clauses from August 2021, leaving driver data insufficiently protected. Uber responded it would appeal, calling the decision 'completely unjustified.' An additional €10 million fine was imposed in January 2024 for related data access rights violations.
Scoring Impact
| Topic | Direction | Relevance | Contribution |
|---|---|---|---|
| Data Security | -against | primary | -1.00 |
| User Privacy | -against | primary | -1.00 |
| Overall incident score = | -0.331 | ||
Score = avg(topic contributions) × significance (critical ×2) × confidence (0.66)× agency (compelled ×0.25)
Evidence (2 signals)
Dutch Data Protection Authority fined Uber €290 million for GDPR violations
Dutch Data Protection Authority fined Uber €290 million (approximately $324 million) for failing to protect European driver data transferred to United States between August 6, 2021 and November 21, 2023. Uber stopped using Standard Contractual Clauses from August 2021, leaving driver data insufficiently protected. Data included account details, taxi licenses, location data, photos, payment details, identity documents, and criminal and medical data.
CNIL reported Uber's €290 million fine for data transfers outside EU
French data protection authority CNIL reported Dutch DPA imposed €290 million fine on Uber for transfers of drivers' data to US. Additional €10 million fine imposed in January 2024 for related data access rights violations.