AMSTERDAM (Reuters) – The Dutch Data Protection Authority (DPA) on Wednesday fined Uber 10 million euros ($11 million) for breaching privacy rules regarding its drivers’ personal data.
The DPA found that Uber did not specify in its terms and conditions how long it retained its drivers’ personal data, or how it secured the data when sending it to entities in countries outside the European Economic Area, of which it Name not disclosed (EEA).
The authority said Uber also hindered its drivers’ efforts to exercise their right to privacy by making personal data access requests unnecessarily complex.
The design of the drivers’ app complicated the process due to the placement of the form within its various menus, and Uber’s method of storing this information in the file lacked clarity, making the results difficult to interpret.
“This shows that Uber created all kinds of obstacles that prevented drivers from exercising their right to privacy,” DPA president Elide Wolfsen said in a statement.
The fine was imposed after more than 170 French drivers complained to a French human rights organization, which filed a complaint with the French data protection authority. However, since Uber’s European headquarters is in the Netherlands, it was remanded to the DPA.
($1 = 0.9228 euros)
(Reporting by Piotr Lipinski; Editing by Louise Heavens and Emelia Sithole-Matarise)