AMSTERDAM (Reuters) – Ride-hailing platform Uber (NYSE:UBER) has been fined 290 million euros ($324 million) in the Netherlands for sending the personal data of European taxi drivers to the United States in violation of EU rules, Dutch data protection watchdog DPA said on Monday.
Uber has stopped the practice, DPA added.
“This flawed decision and extraordinary fine are completely unjustified. Uber’s cross-border data transfer process was compliant with GDPR during a 3-year period of immense uncertainty between the EU and U.S.. We will appeal and remain confident that common sense will prevail,” Uber spokesperson Caspar Nixon told Reuters in an email.
“Uber transferred personal data of European taxi drivers to the United States and failed to appropriately safeguard the data,” the DPA said
“This constitutes a serious violation of the General Data Protection Regulation (GDPR),” it said.
The investigation was triggered by a complaint from French taxi drivers.
French national data protection regulator CNIL said in a separate statement that it had cooperated with its peer in the Netherlands where Uber has its main European base.
($1 = 0.8942 euros)
