SK Hynix Shares Hit Record High After Shipping Next-Generation HBM4E AI Memory Samples 
Baseten Secures $1.5 Billion Funding at $13 Billion Valuation Amid AI Infrastructure Boom 
NTSB Investigates Boston Logan Airport Near-Miss Between Delta and American Airlines Jets 
California Drivers Sue BP, Walmart, 7-Eleven Over Alleged AI Gas Price Fixing 
Google’s Open-Source AI Data Center Cooling Design Raises Commoditization Concerns 
Tesla and NatPower Partner on $5 Billion Battery Storage Expansion in Europe 
Bain Capital Nears Deal for Majority Stake in Volkswagen Marine Engine Unit Everllence 
Apollo Debt Solutions Limits Redemptions as Withdrawal Requests Surge 
Nike CFO Shake-Up Fuels Concerns Over Turnaround Strategy 
SpaceX Stock Plunges 16% as KeyBanc Warns Valuation May Be Overstretched 
Trump’s Quantum Push Lifts IBM Stock as CEO Arvind Krishna Receives White House Praise 
Samsung Electronics Stock Surges on Report of Massive $59 Billion Share Buyback Plan 
Meta Reportedly Developing ‘Arena’ Prediction Market App to Rival Polymarket and Kalshi 
Ryan Cohen Rejects GameStop Pay Package, Prepares New eBay Acquisition Plan 
Alphabet Stock Slides as AI Talent Exodus and SpaceX Losses Shake Investor Confidence 
Meta Seeks Legal Shield From Child-Harm Lawsuits Amid KOSA Talks 
Uber has been fined $324 million by the Dutch Data Protection Authority for violating the EU’s GDPR by transferring European drivers' data to the U.S. without adequate protection. The company plans to appeal, asserting that its data transfer processes were compliant during a period of legal uncertainty.
Uber Hit with $324M Fine by Dutch Authority for Alleged GDPR Violations in Data Transfers to U.S.
Uber, a ride-hailing service, was fined 290 million euros ($324 million) by the Dutch data protection authority on August 26 for allegedly transferring the personal details of European drivers to the United States without adequate protection. Uber declared the decision defective and unjustified and announced it would file an appeal.
The Dutch Data Protection Authority declared that the data transfers, which spanned over two years, constituted a severe violation of the General Data Protection Regulation of the European Union. This regulation mandates implementing technical and organizational measures to safeguard user data.
"In Europe, the GDPR protects the fundamental rights of people, by requiring businesses and governments to handle personal data with due care," Dutch DPA chairman Aleid Wolfsen said in a statement.
"But sadly, this is not self-evident outside Europe. Think of governments that can tap data on a large scale. That is why businesses are usually obliged to take additional measures if they store personal data of Europeans outside the European Union. Uber did not meet the requirements of the GDPR to ensure the level of protection to the data with regard to transfers to the U.S. That is very serious."
The Dutch authority imposed the sanction because Uber's European headquarters is in the Netherlands, even though complaints from 170 French drivers initiated the case, per Nikkei Asia.
Uber maintained that it had committed no violations.
"This flawed decision and extraordinary fine are completely unjustified. Uber's cross-border data transfer process was compliant with GDPR during a 3-year period of immense uncertainty between the E.U. and the U.S. We will appeal and remain confident that common sense will prevail," the company said.
Privacy Shield's Invalidation Sparks GDPR Breach Allegations Against Uber, Leading to $324M Fine
The alleged breach occurred after the E.U.'s highest court ruled in 2020 that the Privacy Shield agreement, which permitted thousands of companies, including tech titans and small financial firms, to transfer data to the United States, was invalid due to the American government's ability to snoop on individuals' data.
The Dutch data protection agency stated that standard contract clauses could serve as a foundation for data transfers outside the E.U. in the wake of the E.U. court ruling, "but only if an equivalent level of protection can be ensured in practice."
"Because Uber no longer used Standard Contractual Clauses from August 2021, the data of drivers from the E.U. were insufficiently protected," the watchdog said. It added that Uber has been using the successor to Privacy Shield since the end of last year, ending the alleged breach.
The Computer & Communications Industry Association, an advocacy organization for technology companies, alleged that the sanction failed to consider the realities of online business in the wake of the 2020 E.U. court ruling.
"The busiest internet route in the world could not simply be put on hold for three entire years while governments worked to establish a new legal framework for these data flows," the association's European head of policy, Alexandre Roure, said in a statement.
"Any retroactive fines by data protection authorities are especially worrisome given that these very privacy watchdogs failed to provide helpful guidance during this period of significant legal uncertainty, in absence of any clear legal framework," he added.
Uber has been penalized by the Dutch data protection authority numerous times, including the August 26 announcement. The agency imposed a fine of 10 million euros in January for the company's failure to disclose the duration of data retention from drivers in Europe or to identify the non-EU countries with which it shared the data.
