The Dutch data protection authority (DPA) has hit Uber with a €290mn fine for transferring personal European driver data to the US. According to the DPA, the transfers constituted a “serious violation” of the EU’s GDPR, as they failed to provide the necessary safeguards for data storage outside the block. Following an investigation, the DPA found that, between August 2021 and November 2023, Uber was transferring and storing sensitive data to US servers without the additional protection tools required by the GDPR. The data included taxi licences, account and payment details, IDs, photos, and even criminal or medical records. “In…
This story continues at The Next Web