Uber has been ordered by the Dutch Data Protection Authority to pay a $324 million penalty over its alleged insecure transfer of European drivers' personal information to the U.S. for over two years, which was noted to be a significant violation of the European Union's General Data Protection Regulation, according to The Associated Press.
"In Europe, the GDPR protects the fundamental rights of people, by requiring businesses and governments to handle personal data with due care. But sadly, this is not self-evident outside Europe... Uber did not meet the requirements of the GDPR to ensure the level of protection to the data with regard to transfers to the U.S. That is very serious," said Dutch DPA Chair Aleid Wolfsen. Such a decision will be appealed by Uber, which insisted no wrongdoing in the data transfer. "This flawed decision and extraordinary fine are completely unjustified. Uber’s cross-border data transfer process was compliant with GDPR during a 3-year period of immense uncertainty between the EU and U.S." said the ride-hailing firm.
