Yango Faces €100 Million GDPR Fine for Sharing Personal Data Outside EU
The Dutch Data Protection Authority (AP) has fined MLU, the Netherlands-based company behind the taxi app Yango, €100 million for allegedly sharing personal data of users in Norway and Finland with Russia without sufficient security measures. MLU is a subsidiary of the Russian tech giant Yandex. The AP highlighted that personal data in Russia is not protected to the same standard as in Europe, raising concerns about potential access by the Russian government. Sensitive data from customers and drivers, including driving license scans, home addresses, and precise location information, were reportedly stored on servers located in Russia, which violates European data protection rules.
European regulations require that personal data transferred outside the EU be protected at a level equivalent to that within the EU. The investigation, conducted jointly by Dutch, Norwegian, and Finnish privacy authorities, found that Yango failed to meet these standards. MLU, however, disputes these claims, stating that the data was stored exclusively within the EU in pseudonymized and encrypted form, making it inaccessible to unauthorized parties. The company also noted that Yango ceased operations in Norway and Finland last year and has cooperated fully with the investigation.
Yandex, MLU’s parent company, has faced accusations of cooperating with Russian authorities to develop intelligence tools potentially used against Ukraine and domestic political opposition. After European sanctions targeted Yandex’s founder Arkady Volozh, the company restructured its European operations, forming a new Dutch entity called Nebius. This entity, along with its subsidiary Toloka, is involved in artificial intelligence projects and has attracted significant investment from global tech leaders, including Amazon’s Jeff Bezos and Meta.
The €100 million fine reflects Yandex’s substantial revenue, which exceeded €12 billion in 2024. MLU has the right to appeal the decision. The case underscores the importance of strict compliance with GDPR rules, especially regarding cross-border data transfers to countries lacking independent privacy regulators. It also highlights the growing scrutiny of companies with ties to jurisdictions where data privacy standards differ significantly from the EU.