|
Uber has stopped the practice, the DPA added.
"This flawed decision and extraordinary fine are completely
unjustified," Uber spokesperson Caspar Nixon told Reuters in an
email.
"Uber’s cross-border data transfer process was compliant with
GDPR during a 3-year period of immense uncertainty between the
EU and U.S.," he added, saying the company would appeal and was
confident that "common sense will prevail".
The DPA said Uber transferred personal data to the United States
and failed to appropriately safeguard the data.
"This constitutes a serious violation of the General Data
Protection Regulation (GDPR)," it said.
Uber can appeal the decision with the DPA and if unsuccessful
can then file a case with the Dutch courts. The appeals process
is expected to take some four years and any fines are suspended
until all legal recourses have been exhausted, according to the
DPA.
The investigation was triggered after a French human rights
organization lodged a complaint on behalf of more than 170 taxi
drivers in France with the country's data protection authority.
However, as Uber has its European headquarters in the
Netherlands, it was forwarded to the DPA.
French national data protection regulator CNIL said in a
separate statement that it had cooperated with the DPA.
In a related case, the DPA fined Uber 10 million euros ($11
million) in January for infringement of privacy regulations
regarding its drivers' personal data.
($1 = 0.8942 euros)
(Reporting by Stephanie Van Den Berg, Tassilo Hummel; editing by
Jason Neely, Kirsten Donovan)
[© 2024 Thomson Reuters. All rights
reserved.]
This material may not be published,
broadcast, rewritten or redistributed.
Thompson Reuters is solely responsible for this content.
|
|
