Uber Fined €290M for Transferring Driver Data to US

Aug 2024 · €290M fine

Publication Date: 2024-08-01
Category: Regulatory Enforcement
Author: K. Ellabban
Organization: Zero|Tolerance Security Research

The Dutch Data Protection Authority imposed a EUR 290 million fine on Uber in August 2024 for transferring European driver personal data to the United States for over two years without a valid transfer mechanism under GDPR Chapter V. After the Schrems II ruling invalidated the EU-US Privacy Shield in July 2020, Uber dropped Standard Contractual Clauses in August 2021 and relied on a joint controller agreement, leaving the transfers without any valid GDPR Chapter V transfer mechanism. During that period it continued to transfer sensitive driver data, including identity documents, location data, and criminal records.

Executive Summary

KEY FACTS

  • What: Uber transferred EU driver data to the US without valid GDPR mechanisms.
  • Who: All EEA Uber drivers over a two-year period post-Schrems II.
  • Data Exposed: Identity documents, GPS location data, criminal records, and financials.
  • Outcome: Dutch DPA fined Uber EUR 290M; appeal filed by Uber.

References

SOURCES

Dutch DPA Decision, CJEU Schrems II ruling, GDPR Chapter V, EDPB Recommendations 01/2020