Welcome to GRIP, Global Relay’s new digital information service on practical compliance and regulatory change.

Please enjoy this free trial of our subscription content service, for a limited time only.

  

Rules

Uber fined €10m over privacy violations on driver data

Ber logo on car
Photo: Nathan Stirk/Getty Images

Martina Lindberg

 Click to share on Facebook (Opens in new window/tab) Click to share on Twitter (Opens in new window/tab) Click to share on LinkedIn (Opens in new window/tab) Click to share on WhatsApp (Opens in new window/tab)

Uber failed to properly handle the drivers’ personal data, and made it difficult for them to access it.

Uber Technologies, Inc. and Uber B.V. (Uber) have been hit with a €10m ($10.9m) fine by the Dutch Data Protection Authority Autoriteit Persoonsgegevens (AP) over infringement of privacy regulations.

Aleid Wolfsen, Chair of the AP
Aleid Wolfsen, Chair, AP. Photo: AP

According to AP, Uber failed to disclose the full details of its retention periods for the European drivers’ data, or to name the non-European countries where the data was shared. It was also found that Uber had “obstructed the drivers’ efforts to exercise their right to privacy” by making it unnecessarily difficult to send requests to view or get copies of their personal data.

“Drivers have the right to know how Uber handles their personal data. However, Uber did not explain this with sufficient clarity. It should have informed its drivers better and more diligently in this regard. Transparency is a fundamental part of protecting personal data,” said AP chairman Aleid Wolfsen.

“If you don’t know how your personal data is being handled, you can’t determine whether you are being put at a disadvantage or treated unfairly. And you can’t stand up for your rights.”

Privacy terms and conditions failures

Even though the drivers could make requests for personal information within their app, AP says that it was hard to find because it was located deep within the app and spread across multiple menus – and could have been placed in a much more user-friendly way.

Uber also failed to consistently arrange the data in a clear manner, which made it hard to interpret.

Uber also never specified how long they would retain the drivers’ personal data in their privacy terms and conditions, nor which specific security measures it takes to send that information to other company entities in countries outside the EEA.

“This shows that Uber put all sorts of obstacles in place that blocked drivers from exercising their right to privacy, and that is prohibited. In fact, Uber should be facilitating drivers in their rights. This is laid down by law,” Wolfsen continued.

“If you don’t know how your personal data is being handled, you can’t determine whether you are being put at a disadvantage or treated unfairly. And you can’t stand up for your rights.”

Aleid Wolfsen, chairman, AP

The fine aroused from complaints from more than 170 French drivers, which complained to the French human rights organisation Ligue des droits de l’Homme et du citoyen, which submitted the matter to the French data protection authority Commission nationale de l’informatique et des libertés (CNIL). CNIL then handed the complaint to AP since Uber has its European headquarters in the Netherlands.

At the time of the infringements, Uber had about 120,000 drivers working across Europe. The company has lodged a notice of objection to the AP’s decision, but has also taken improvement measures in respect of happenings

, , , , , ,

You may also like