The Dutch Data Protection Authority (DPA) announced Monday that it fined ride-sharing company Uber €290M ($324M) for transferring Europeans' data to its US-based headquarters. The Netherlands issued the fine because Uber's European headquarters are there.
The DPA alleges that the transfer of data over a two-year period, including account info, taxi licenses, photos, identification documents, and some criminal and medical data, violated the EU's General Data Protection Regulation (GDPR).
The GDPR established clear guidelines for companies who wish to transport outside of Europe and into other countries. Instead of following these security protocols, Uber decided to handle this incredibly personal information without care, which is why it's been hit with a severe fine. Now that Uber has been found guilty three times, hopefully it will begin to follow the rules and protect users' privacy.
It's ironic that European authorities are chastising Uber at the very same time its own parliament is being sued for being careless with people's data. A cyber attack exposed data such as passports, ID numbers, and criminal histories of some 8k European Parliament workers, and the government failed to disclose the breach for months. The EU should get its own house in order before it judges the rest of us.