Dutch watchdog fines Uber 10 million euros over privacy regulations infringement

AMSTERDAM (Reuters) -The Dutch data protection authority (DPA) on Wednesday fined Uber 10 million euros ($11 million) for infringement of privacy regulations regarding its drivers’ personal data.

The DPA found that Uber had not specified in its terms and conditions for how long it retained its drivers’ personal data, or how it secured the data when sending it to entities in countries, which it had not named, outside the European Economic Area (EEA).

Uber also obstructed its drivers’ efforts to exercise their right to privacy by making personal data access requests unnecessarily complicated, the authority added, noting though that Uber had taken steps to fix the issues flagged.

“The Dutch data protection authority has acknowledged that Uber fixed the small number of ‘low impact’ issues raised by the drivers, while dismissing the vast majority of their claims as unfounded,” an Uber spokesperson said in an e-mailed statement to Reuters.

The spokesperson added that the company continuously works on improving its data request processes.

The fine was imposed after more than 170 French drivers complained to a French human rights organisation, which lodged a complaint with the French data protection authority. However, as Uber has its European headquarters in the Netherlands, it was forwarded to the DPA.

(Reporting by Piotr Lipinski; Editing by Louise Heavens and Emelia Sithole-Matarise)