Uber Fined €290m for Data Protection Breach 🚗

Hey there! 👋

Uber’s just been hit with a whopping €290 million fine for breaching data protection laws for mishandling European drivers’ data. We're talking about sensitive stuff like taxi licenses, ID documents, and even photos – yikes! According to the Dutch data protection watchdog, Uber’s breach was a “serious violation of the General Data Protection Regulation (GDPR)”, however, Uber claims the decision to be “flawed and unjustified.”

Let’s dive into what happened, how this affects businesses and how law firms could be involved.

Don't have time for the full scoop? No worries, we've got you covered with a quick summary: click here

What did Uber do? 🤷‍♀️

According to the DPA, Uber collected sensitive personal data of its European drivers and transferred this data to US servers over a two-year period, while failing to use protective transfer tools

While data transfers to the US are permitted under EU law, the DPA argued that the absence of protective transfer tools, such as Standard Contractual Clauses (SCC), meant that personal data was not protected, therefore breaching Article 44 of the GDPR. The GDPR requires measures to be put in place to effectively handle and protect personal data and information.

The fine was imposed officially in July following a collective complaint from more than 170 French drivers to a human-rights interest group. The DPA took over the investigation due to Uber’s headquarters being in the Netherlands.

Uber has fired back at the fine, claiming it to be “unjustified” and will appeal the fine. This is because Uber argues that the data transfers occurred in a time of “uncertainty between the EU and the US.” However, this now marks the DPA’s third fine against Uber, who fined the firm €600,000 in 2018 and €10m just last year. This points towards a crackdown on the actions of big firms in Europe.

How could this affect businesses? 💼

Scrutiny on Data Protection Practice

The significantly high €290m fine is a signal towards strong enforcement of data protection regulations and sends a strong warning to businesses to cooperate with mandatory data protection practices. Thus, businesses that operate in the EU and handle sensitive data may be scrutinised further over their handling of such data.

Strengthening Data Transfer Protocols

Firms that transfer data internationally will look to ensure that they are indeed using sufficient protective tools that adhere to the guidelines of the GDPR. Businesses may also look to review and update their data transfer policies and ensure they align with the GDPR.

Impacts on Cross-Border Operations

Multinational firms, like Uber, may face operational challenges in ensuring data protection compliance across various jurisdictions. Managing data across borders and adhering to different rules on data protection may see increased costs incurred by businesses.

How would law firms be involved? ⚖️

Appeals – If a company decides to appeal a fine, like Uber is doing, law firms would be involved in handling the case and representing their client. This includes preparing and filing the appeals, representing Uber in court and highlighting why the fine should in fact be overturned.

Compliance – Law firms may assist companies in reviewing their data processing activities, and assessing risk. Usually, data protection lawyers would engage in this, ensuring that companies are complying with the GDPR. They may also assist in drafting new data protection policies where necessary to comply with legal standards.

Advising on Data Transfers – Lawyers may provide support and guidance on how data should be transferred with the correct mechanisms in place. This could include the use of SCCs, which ensure that data transferred outside of the EU is under the same level of protection that it would be under EU data protection regulations through the use of specific contractual clauses.

🗞 Other news…

X has been banned in Brazil 🇧🇷

A Brazilian judge ordered X (formerly Twitter) suspended in Brazil after Elon Musk failed to appoint a local representative. This row began in April when the judge ordered the suspension of a bunch of X accounts for allegedly spreading misinformation. Elon Musk described the orders as “censorship” and closed its office in Brazil due to a representative being threatened with arrest. The ban will remain in force until X appoints a new legal representative and pays its fines. Unlikely tho...Elon does not seem keen on doing this.

Canada sets 100% tariff on Chinese EVs🔋

From 1 October 2024, Canada will impose a new 100% tariff on imports of EV vehicles manufactured in China as well as a 25% duty on Chinese aluminium and steel. Canada accuses China of subsiding its EV industry which gives its car makers an unfair advantage. However, China argues that the tariff violates World Trade Organisation rules.

I hope you enjoyed this article. See you next week! 👋