عربي English Türkçe اردو فارسى
Logo
Latest News
Technology

Dutch Watchdog Fines Uber $324 Million for Alleged Inadequate Protection of Drivers’ Data 

An Uber sign is displayed at the company's headquarters in San Francisco, Sept. 12, 2022. (AP)
An Uber sign is displayed at the company's headquarters in San Francisco, Sept. 12, 2022. (AP)
TT
TT

Dutch Watchdog Fines Uber $324 Million for Alleged Inadequate Protection of Drivers’ Data 

An Uber sign is displayed at the company's headquarters in San Francisco, Sept. 12, 2022. (AP)
An Uber sign is displayed at the company's headquarters in San Francisco, Sept. 12, 2022. (AP)

The Dutch data protection watchdog slapped a 290 million euro ($324 million) fine Monday on ride-hailing service Uber for allegedly transferring personal details of European drivers to the United States without adequate protection. Uber called the decision flawed and unjustified and said it would appeal.

The Dutch Data Protection Authority said the data transfers spanning more than two years amounted to a serious breach of the European Union’s General Data Protection Regulation, which requires technical and organizational measures aimed at protecting user data.

“In Europe, the GDPR protects the fundamental rights of people, by requiring businesses and governments to handle personal data with due care,” Dutch DPA chairman Aleid Wolfsen said in a statement.

“But sadly, this is not self-evident outside Europe. Think of governments that can tap data on a large scale. That is why businesses are usually obliged to take additional measures if they store personal data of Europeans outside the European Union. Uber did not meet the requirements of the GDPR to ensure the level of protection to the data with regard to transfers to the US. That is very serious.”

The case was initiated by complaints from 170 French Uber drivers, but the Dutch authority issued the fine because Uber’s European headquarters is in the Netherlands.

Uber insisted it did nothing wrong.

“This flawed decision and extraordinary fine are completely unjustified. Uber’s cross-border data transfer process was compliant with GDPR during a 3-year period of immense uncertainty between the EU and US. We will appeal and remain confident that common sense will prevail,” the company said in a statement.

The alleged breach came after the EU’s top court ruled in 2020 that an agreement known as Privacy Shield that allowed thousands of companies — from tech giants to small financial firms — to transfer data to the United States was invalid because the American government could snoop on people’s data.

The Dutch data protection agency said that following the EU court ruling, standard clauses in contracts could provide a basis for transferring data outside the EU, “but only if an equivalent level of protection can be guaranteed in practice.”

“Because Uber no longer used Standard Contractual Clauses from August 2021, the data of drivers from the EU were insufficiently protected,” the watchdog said. It added that Uber has been using the successor to Privacy Shield since the end of last year, ending the alleged breach.

Most Viewed

 
 
Technology

Google to Help Build Cyber Protection for Australian Infrastructure

Smartphone with google app icon is seen in front of the displayed Australian flag in this illustration taken, January 22, 2021. REUTERS/Dado Ruvic/Illustration/ File Photo Purchase Licensing Rights
Smartphone with google app icon is seen in front of the displayed Australian flag in this illustration taken, January 22, 2021. REUTERS/Dado Ruvic/Illustration/ File Photo Purchase Licensing Rights
TT
TT

Google to Help Build Cyber Protection for Australian Infrastructure

Smartphone with google app icon is seen in front of the displayed Australian flag in this illustration taken, January 22, 2021. REUTERS/Dado Ruvic/Illustration/ File Photo Purchase Licensing Rights
Smartphone with google app icon is seen in front of the displayed Australian flag in this illustration taken, January 22, 2021. REUTERS/Dado Ruvic/Illustration/ File Photo Purchase Licensing Rights

Google and Australia's national science agency said they will work together to develop software that automatically detects and fixes network vulnerabilities for operators of critical infrastructure, seeking to contend with a surge in cyberattacks.

The software for organizations such as hospitals, defence bodies and energy suppliers will be customised to be in line with Australia's regulatory environment.

"Software supply chain vulnerabilities are a global issue, and Australia has led the way in legislative measures to control and combat the risks," said Stefan Avgoustakis, head of security practice for Google Cloud in Australia and New Zealand, according to Reuters.

The Australian government has been imposing tougher requirements on critical infrastructure operators to report and prevent cyberattacks after a spate of breaches in the past two years left the personal information of half the country's 26 million population exposed.

The research partnership will pair up Google's existing open source vulnerability database and storage cloud with the Commonwealth Scientific and Industrial Research Organization's (CSIRO) research methods, the parties said in a statement.

Google said the plan was part of a five-year commitment it made in 2021 to spend A$1 billion ($675 million) in Australia at a time when the country's push for tougher regulation of global tech firms had cooled relations with the US firm.

Google also supplies cybersecurity services to the US as part of a $9 billion contract between the US Department of Defense and a number of large tech firms.

CSIRO's project lead Ejaz Ahmed said locally developed cybersecurity software would "be better aligned with local regulations, promoting greater compliance and trustworthiness."

The project's findings will be made public to provide operators of critical infrastructure easy access to the information.