Uber Fined Over $11 Million For Privacy Breaches Involving Drivers’ Data

The Dutch data protection authority (DPA) has fined Uber for violating privacy regulations related to the personal data of its drivers.

The DPA discovered that Uber did not clearly outline in its terms and conditions the duration for which it preserved personal data of its drivers, nor did it specify the security measures in place when transmitting the data to undisclosed entities in countries beyond the European Economic Area.

The authority noted that the cab-hailing platform hindered drivers' privacy rights with unnecessarily complex personal data access requests, but recognised Uber's steps to address the concerns.

The penalty was enforced following complaints from over 170 French drivers to a human rights organisation, which subsequently filed a complaint with the French data protection authority.

However, due to Uber's European headquarters being in the Netherlands, the case was transferred to the DPA.