TOP ISSUES:
China
Web3/Crypto
Cartels
Antitrust
Big Tech
30x30
x
Webp tcnbirtuzk985chjqbpm50haef98
Matthew Schruers President & CEO at Computer & Communications Industry Association | Official website

Uber fined €290 million by Dutch authority over past GDPR violations

Big Tech

ORGANIZATIONS IN THIS STORY

Computer & Communications Industry Association

The Dutch Data Protection Authority (AP) announced a €290 million fine on Uber, citing violations of the EU's General Data Protection Regulation (GDPR) due to transfers of drivers' personal data from the European Union to the United States. The Computer & Communications Industry Association (CCIA Europe) has responded, noting that these issues date back to 2021-2022, before the implementation of the new EU-US Data Privacy Framework last year.

During this period, companies outside the EU subject to GDPR had limited legal avenues for transferring data to the United States. This situation arose after an EU Court invalidated Privacy Shield in 2020 through the Schrems II ruling, leaving businesses without clear guidelines for nearly three years.

Regulatory contradictions further complicated matters as data protection authorities often disagreed with the European Commission. The Commission had ruled out Standard Contractual Clauses for non-EU companies under European data protection rules, removing straightforward mechanisms for data transfers.

This period of legal uncertainty impacted various organizations, including nonprofits and governments. Despite efforts to act in good faith, many lacked workable guidance from EU authorities on managing data flows. Although the Data Privacy Framework came into effect in 2023, it did not address the preceding three-year gap.

Retroactive fines by data protection authorities could create significant legal uncertainty for online activities between the EU and US from 2020 to 2023, affecting everything from video conferencing during COVID-19 to online payment processing.

Alexandre Roure, Head of Policy at CCIA Europe, stated: "The fact that the Dutch Data Protection Authority today decided to issue a massive fine to a tech company for EU-US data flows that happened back in 2021 ignores reality. The busiest internet route in the world could not simply be put on hold for three entire years while governments worked to establish a new legal framework for these data flows."

Roure added: "Any retroactive fines by data protection authorities are especially worrisome given that these very privacy watchdogs failed to provide helpful guidance during this period of significant legal uncertainty, in absence of any clear legal framework."

---

ORGANIZATIONS IN THIS STORY

Computer & Communications Industry Association

Top Stories