The Dutch Data Protection Authority (DPA) Monday announced that it fined ride-sharing company Uber €290M ($324M) for transferring Europeans' data to its US-based headquarters. Uber's European headquarters is in the Netherlands.
The DPA alleges that the transfer of data over a two-year period — including account information, taxi licenses, photos, identification documents, and some criminal and medical data — violated the EU's General Data Protection Regulation (GDPR).
The GDPR established clear guidelines for companies who wish to transport data out of Europe and into other countries. But Uber decided to handle this incredibly personal information without care, so it must be hit with a severe fine. Now that Uber has been found guilty three times, hopefully, it will begin to follow the rules over users' privacy.
It's ironic that European authorities are chastising Uber at the same time their own parliament is being sued for being careless with people's data. A cyber attack exposed the sensitive personal data of some 8K European Parliament workers, and the government failed to disclose the breach for months. The EU should get its own house in order before it goes after Uber.