EUR 10MN fine for infringment of privacy regulations

Following complaints lodged by 170 French Uber drivers with the French human rights organization Ligue des droits de l'Homme et du citoyen (LDH), the LDH lodged a class action complaint with the French Data Protection Authority. Since Uber has its European headquarters in the Netherlands, the Dutch Data Protection Authority (AP), as the competent authority, imposed a fine of 10 million euros on Uber Technologies, Inc. and Uber B.V. ("Uber"). The fine is in response to the fact that the company would have made it more difficult for its drivers to exercise their rights vis-à-vis the transport company.

The AP noted that Uber had made it unnecessarily complicated for drivers to make requests to view or obtain copies of their personal information. While the app for drivers included a form to request access to their data, it wasn't placed in an easily accessible place in the app. Responses to requests for information were incomprehensible. In addition, they have not specified in their privacy policy how long Uber keeps the personal data of its drivers or what specific security measures it takes when it sends this information to companies in countries outside the EEA. In determining the amount of the fine, the AP took into account the size of the organization and the gravity of the infringements. At the time of the breaches, around 120,000 drivers were working for Uber in Europe. Uber has appealed the AP's decision. The AP noted that Uber has now taken improvement measures in respect of the infringement.

For more info please click here.