Netherlands: Issued ruling in Dutch Data Protection Authority Investigation into Uber's infringement of cross-border data transfer regulations

On 26 August 2024, the Dutch Data Protection Authority (AP) issued a ruling in the investigation into Uber B.V. (Uber) for transferring European taxi driver's personal data to the United States of America in breach of the GDPR. The AP fined Uber EUR 290'000'000 for the failure to adequately protect personal data, which included sensitive information such as account details, location, criminal and medial records. The breach of the GDPR occurred over a period of more than two years.