Uber has been fined 10 million euros by the Dutch Data Protection Authority (AP) for not being transparent about how it handles the personal data of European drivers. The AP’s investigation revealed that Uber failed to provide clear information regarding the duration for which it retains driver data and the specifics of data transfer to countries outside Europe. This lack of transparency has raised concerns about the protection of drivers’ privacy rights within the European Union.
The fine was prompted by a complaint from 170 French drivers, who faced difficulties accessing their personal data held by Uber. Under the EU’s General Data Protection Regulation (GDPR), individuals have the right to access personal data collected by companies. While Uber had a digital form for such requests, it was found to be hard to locate, creating an unnecessary barrier for drivers seeking to exercise their privacy rights.
AP chairman Aleid Wolfsen emphasized the importance of data processing transparency in safeguarding privacy. He stated that without knowledge of what happens to personal data, individuals cannot protect themselves against potential discrimination or infringement of their rights. The AP’s actions underscore the legal requirement for companies to facilitate easy access to personal data for individuals.
Despite the fine, Uber has taken steps to improve its practices and has contested the penalty. The company, with annual revenues in the tens of billions, has addressed the issues raised by a small number of drivers and continues to work on optimizing data request processes. Uber maintains that most of the drivers’ complaints were deemed unfounded by the AP, demonstrating their commitment to constructive engagement with regulatory authorities.