The Information Safety Company (DPA) of the Netherlands fined Uber 290 million euros on Monday for violating the EU Basic Information Safety Regulation (GDPR) by storing the private information of European taxi drivers on US servers.
The DPA discovered that Uber didn’t sufficiently shield the private information that it transferred to the US. Uber despatched private information from the EU to its headquarters within the US for 2 years with out the usage of switch instruments to guard the information. Switch instruments include encryption and pseudonymisation, and needs to be used when sending private information exterior of the EU, in response to the DPA.
Companies in Europe are permitted to switch information exterior of the EU via a Standard Contractual Clause, which is a mannequin contract accredited by the European Fee. Nonetheless, companies that retailer private information exterior the EU usually must make the most of extra measures, comparable to switch instruments, to make sure that EU information safety requirements are met.
Particular rules apply to information transfers to the US. American companies that take part within the Information Privateness Framework are handled as having a degree of knowledge safety that’s equal to that of the EU, in response to an adequacy decision of the European Fee from 2023. EU residents might submit a criticism concerning how their private information is dealt with, even when the enterprise is a member of the Information Privateness Framework.
The investigation by Dutch authorities was triggered by a criticism from 170 taxi drivers in France. Since Uber’s European headquarters are within the Netherlands, the Dutch DPA was accountable for the investigation.
The information that was transferred included “location information, photographs, cost particulars, identification paperwork, and in some instances even legal and medical information of drivers”. The GDPR establishes the safety of non-public information as a basic right within the EU.
Uber has indicated its intent to attraction the fantastic, in response to the DPA.
Source / Picture: jurist.org