- Thread starter
- Staff
- #1
Dadparvar
Staff member
- Nov 11, 2016
- 8,207
- 0
- 6
The Data Protection Agency (DPA) of the Netherlands fined Uber 290 million euros on Monday for violating the EU General Data Protection Regulation (GDPR) by storing the personal data of European taxi drivers on US servers.
The DPA found that Uber did not sufficiently protect the personal data that it transferred to the US. Uber sent personal data from the EU to its headquarters in the US for two years without the use of transfer tools to protect the data. Transfer tools include encryption and pseudonymisation, and should be used when sending personal data outside of the EU, according to the DPA.
Businesses in Europe are permitted to transfer data outside of the EU through a Standard Contractual Clause, which is a model contract approved by the European Commission. Nonetheless, businesses that store personal data outside the EU typically have to utilize additional measures, such as transfer tools, to ensure that EU data protection standards are met.
Special rules apply to data transfers to the US. American businesses that participate in the Data Privacy Framework are treated as having a level of data protection that is equivalent to that of the EU, according to an adequacy decision of the European Commission from 2023. EU citizens may submit a complaint regarding how their personal data is handled, even if the business is a member of the Data Privacy Framework.
The investigation by Dutch authorities was triggered by a complaint from 170 taxi drivers in France. Since Uber’s European headquarters are in the Netherlands, the Dutch DPA was responsible for the investigation.
The data that was transferred included “location data, photos, payment details, identity documents, and in some cases even criminal and medical data of drivers”. The GDPR establishes the protection of personal data as a fundamental right in the EU.
Uber has indicated its intent to appeal the fine, according to the DPA.
The post Netherlands data protection authority fines Uber €290M for violating EU data regulation appeared first on JURIST - News.
Continue reading...
Note: We don't have any responsibilities about this news. Its been posted here by Feed Reader and we had no controls and checking on it. And because News posted here will be deleted automatically after 21 days, threads are closed so that no one spend time to post and discuss here. You can always check the source and discuss in their site.
The DPA found that Uber did not sufficiently protect the personal data that it transferred to the US. Uber sent personal data from the EU to its headquarters in the US for two years without the use of transfer tools to protect the data. Transfer tools include encryption and pseudonymisation, and should be used when sending personal data outside of the EU, according to the DPA.
Businesses in Europe are permitted to transfer data outside of the EU through a Standard Contractual Clause, which is a model contract approved by the European Commission. Nonetheless, businesses that store personal data outside the EU typically have to utilize additional measures, such as transfer tools, to ensure that EU data protection standards are met.
Special rules apply to data transfers to the US. American businesses that participate in the Data Privacy Framework are treated as having a level of data protection that is equivalent to that of the EU, according to an adequacy decision of the European Commission from 2023. EU citizens may submit a complaint regarding how their personal data is handled, even if the business is a member of the Data Privacy Framework.
The investigation by Dutch authorities was triggered by a complaint from 170 taxi drivers in France. Since Uber’s European headquarters are in the Netherlands, the Dutch DPA was responsible for the investigation.
The data that was transferred included “location data, photos, payment details, identity documents, and in some cases even criminal and medical data of drivers”. The GDPR establishes the protection of personal data as a fundamental right in the EU.
Uber has indicated its intent to appeal the fine, according to the DPA.
The post Netherlands data protection authority fines Uber €290M for violating EU data regulation appeared first on JURIST - News.
Continue reading...
Note: We don't have any responsibilities about this news. Its been posted here by Feed Reader and we had no controls and checking on it. And because News posted here will be deleted automatically after 21 days, threads are closed so that no one spend time to post and discuss here. You can always check the source and discuss in their site.