Uber has been hit with its largest fine to date, with the Dutch Data Protection Authority (DPA) issuing a €290 million ($324 million) penalty to the rideshare company for transferring European taxi drivers’ personal data to the United States without proper safeguards. The DPA found that Uber transferred account details, taxi licenses, location data, photos, payment details, identity documents, and more to servers at their US headquarters for over two years without using any transfer tools, leading to insufficient protection according to GDPR standards. Dutch DPA had fined Uber twice before, first in 2018 for failing to report a data breach timely, and again in 2023 for inadequate disclosure of data retention periods and sharing practices. Uber plans to fight the €290 million fine imposed by the Dutch DPA.
