Bisola David
Ride-hailing service, Uber, has been fined €10 million for breaking European data protection laws about the privacy of its drivers.
The Dutch Data Protection Authority announced the fine in a statement, stating that it was imposed in reaction to Uber’s failure to reveal the complete details of its retention periods for data relating to European drivers and to identify the non-European countries with which it exchanges this data.
Additionally, the DPA said that it discovered Uber had impeded its drivers’ attempts to exercise their right to privacy.
The DPA also revealed that it levied the fee in response to complaints from over 170 French drivers to a French human rights organization, the Ligue des droits de l’Homme et du citoyen, which then sent the complaint to the French data protection authority. Uber’s European headquarters are located in the Netherlands, which is why the DPA received the complaint.
The DPA Chairman, Aleid Wolfsen, said “Drivers are entitled to know how Uber uses their personal information. Uber, nevertheless, could not provide a clear enough explanation for this. In this regard, it ought to have provided its drivers with better and more thorough information.
He added “One essential component of safeguarding personal data is transparency. You cannot tell if you are receiving unfair treatment or are being disadvantaged if you are unaware of how your personal data is being managed. You are also incapable of defending your rights.
According to Wolfsen, the DPA discovered that Uber had made it unduly difficult for drivers to file requests to inspect or obtain copies of their personal information. He pointed out that while the drivers’ app had a form for requesting access to their data, it was buried deep in the app and dispersed over multiple menus when it should have been in a more logical location.
In response to access requests, Uber organized personal data in a file that was not always easily readable, making it challenging to understand.
Furthermore, Uber did not indicate in its privacy terms and conditions how long it keeps the personal information of its drivers on file or what security precautions it takes when sending it to organizations located outside of the European Economic Area.
The DPA claimed that in calculating the penalties, it took into account the magnitude of the organization and the severity and gravity of the infringements. At the time of the infringements, about 120,000 drivers were working for Uber in Europe.
Uber has submitted a notice of disagreement with the DPA’s ruling. The DPA also noted that Uber has now taken corrective action over the infraction.
Authorities worldwide are now treating the problem of data protection seriously as technology develops. The General Data Protection Regulation, which went into effect in 2018, served as the model for data protection laws and regulations in a number of other nations.
In order to safeguard the data of its residents, Nigeria signed the Nigerian Data Protection Act, creating the Nigeria Data Protection Commission.
The National Data Protection Commission, led by Dr. Vincent Olatunji, declared last week that it was actively looking into 17 significant data breach instances across a range of industries, including government, banking, technology, education, consultancy, gaming, and lottery.
