The Dutch Data Protection Authority (AP) has fined Uber Technologies, Inc. and Uber B.V. €10 million for not fully disclosing their data retention policies and data sharing practices for European drivers. The AP's decision follows Uber's failure to clearly inform drivers about the handling of their personal data and the obstruction of drivers’ rights to access their own data.
AP chairman Aleid Wolfsen stressed the importance of transparency in personal data management, noting that Uber’s insufficient communication prevented drivers from understanding how their data was used and from asserting their privacy rights effectively. The company made it challenging for drivers to access their personal data, with request forms hidden deep within the app and data presented in an unclear manner.
The action against Uber was initiated after more than 170 French drivers complained to the human rights organization Ligue des droits de l’Homme et du citoyen (LDH), leading to an investigation by the Dutch authority due to Uber's European headquarters being in the Netherlands.
The fine reflects the company's large scale, the number of drivers affected, and the seriousness of the privacy infringements. Despite Uber’s objection to the ruling, they have started implementing improvements in response to these findings.
A full-length analysis of this incident and its implications will be provided soon. Stay tuned for more insights.