Uber has been fined 290 million euros (£250 million) in the Netherlands for transferring the personal data of European taxi drivers to the United States, violating EU regulations, the Dutch data protection watchdog DPA announced on Monday.
The fine was imposed following an investigation triggered by a complaint from French taxi drivers. The French national data protection regulator CNIL also confirmed its cooperation with the DPA in the Netherlands, where Uber has its main European base.
In response to the ruling, Uber spokesperson Caspar Nixon expressed strong disagreement. "This flawed decision and extraordinary fine are completely unjustified. Uber's cross-border data transfer process was compliant with GDPR during a three-year period of immense uncertainty between the EU and the U.S. We will appeal and remain confident that common sense will prevail," Nixon stated in an email to Reuters.
The DPA noted that Uber has since ceased the practice of transferring personal data to the United States but emphasised that the company had failed to adequately safeguard the data during the period in question.
"This constitutes a serious violation of the General Data Protection Regulation (GDPR)," the DPA stated.