HomeRisk ManagementsDutch Data Regulator Fines Uber 10 Million Euros

Dutch Data Regulator Fines Uber 10 Million Euros

Published on

spot_img

A Dutch data protection authority has ordered ride-hailing app Uber to pay a fine of 10 million euros for its inadequate transparency and data practices. The oversight by the regulator discovered that Uber failed to disclose how long it retained driver data and which employees outside of Europe had access to the data, thereby violating the data processing and transparency requirements of the European General Data Protection Regulation (GDPR). The fine comes as a result of complaints lodged by 172 French Uber drivers and Paris-based civil society organization Ligue des Droits de l’Homme et du Citoyen.

According to the Dutch Data Protection Authority, Uber was found to have put up unnecessary barriers for users exercising their right to privacy. They made it difficult for users to request access to their personal data, requiring them to navigate through six steps to do so. Additionally, the data the company provided was considered too general, and while Uber stated that it would retain customer data for “as long as necessary for various purposes,” the regulator claimed that this was not detailed enough. Uber had since altered the data duration to seven years; however, the Dutch data protection authority maintained that the company had still not formulated it in sufficiently specific terms.

The oversight by the regulator also exposed that Uber’s privacy policy failed to provide details on what user data was being processed in which country. These transparency and access issues had been ongoing from 2018 until February 2022, when the company revised its practices.

This is not the first time that Uber has faced regulatory action over its data and security practices. In a separate incident, the company was fined $1.2 million by British and Dutch data regulators due to weak security practices that were exposed by a 2016 hack, resulting in a data breach affecting 57 million riders. Furthermore, Uber paid $148 million in 2018 to settle lawsuits arising from the 2016 breach across the U.S.

The data protection authority in the Netherlands has made it clear that companies such as Uber must adhere to the GDPR with regards to data processing and transparency when operating within the European Union. This latest action against Uber exemplifies the increased regulatory scrutiny faced by tech companies and other organizations when it comes to their data protection practices.

The Dutch data protection authority’s findings and subsequent fine against Uber showcase the growing emphasis on the need for companies to be transparent and responsible in their data practices. With data protection and privacy regulations becoming increasingly stringent globally, organizations are under pressure to ensure that they comply with regulatory requirements. This holds especially true in the European Union, where the GDPR has set a high benchmark for data protection standards.

Uber’s ordeal also serves as a stark reminder to other companies that failing to adhere to data protection regulations can lead to significant financial penalties and damage to a brand’s reputation. The Dutch data protection authority’s actions against Uber underscore the necessity for companies to prioritize data protection measures and compliance with privacy regulations, especially in an era where data privacy and security are paramount concerns for individuals and regulators alike. As such, Uber’s case should serve as a lesson for others to ensure that their data practices are in line with the evolving global regulatory landscape, especially within the European Union.

Source link

Latest articles

AI Generated Patches May Reduce Developer and Operations Workload

Large language models (LLMs) are offering a tantalizing prospect of speeding up software development...

VMware advises administrators to remove deprecated and vulnerable authentication plug-in

VMware Issued A Warning About Authentication System Vulnerability Specialists at VMware are strongly recommending administrators...

Could ransomware provider LockBit be responsible for the Lurie hack?

Following what has been described as a major breakthrough in the cyberattack against Lurie...

Free Cyber Security Training Offered to Lancashire Businesses by Lancashire Evening Post

Lancashire businesses are set to benefit from free training to help them safeguard against...

More like this

AI Generated Patches May Reduce Developer and Operations Workload

Large language models (LLMs) are offering a tantalizing prospect of speeding up software development...

VMware advises administrators to remove deprecated and vulnerable authentication plug-in

VMware Issued A Warning About Authentication System Vulnerability Specialists at VMware are strongly recommending administrators...

Could ransomware provider LockBit be responsible for the Lurie hack?

Following what has been described as a major breakthrough in the cyberattack against Lurie...
en_USEnglish