The fine was officially imposed in July and followed a collective complaint from the French Human Rights League that represented more than 170 Uber drivers. The investigation was handed over to Dutch regulators since Uber’s EU heardquarter is in the Netherlands.
Data protection authorities already fined the United States-based company €10 million for several breaches of the General Data Protection Regulation (GDPR) last year.
Caspar Nixon, a spokesperson for Uber, said “this flawed decision and extraordinary fine are completely unjustified.” He added that Uber will appeal the decision.
“Uber’s cross-border data transfer process was compliant with GDPR during a 3-year period of immense uncertainty between the EU and U.S.,” he said, refering to a period when both bloc’s had to revise their so-called adequacy decision that allowed companies to freely transfer data without complex contractual agreements.
The new Data Privacy Framework struck last year ended three years of legal limbo and headache for tech giants.
The Dutch decision “ignores reality,” said Alexandre Roure, head of policy for tech industry association CCIA that has Uber as a member. “The busiest internet route in the world could not simply be put on hold for three entire years while governments worked to establish a new legal framework for these data flows.”
This article has been updated.