The Dutch Data Protection Authority (DPA) announced Monday that it fined ride-sharing company Uber €290M ($324M) for transferring Europeans' data to its US-based headquarters. The Netherlands issued the fine because Uber's European headquarters are there.
The DPA alleges that the transfer of data over a two-year period, including account info, taxi licenses, photos, identification documents, and some criminal and medical data, violated the EU's General Data Protection Regulation (GDPR).
The GDPR established clear guidelines for companies who wish to transport outside of Europe and into other countries. Instead of following these security protocols, Uber decided to handle this incredibly personal information without care, which is why it's been hit with a severe fine.