The fine was formally imposed in July, following a class action lawsuit from the French League for Human Rights, which represents more than 170 Uber drivers. Because Uber's EU headquarters is in the Netherlands, the investigation was handed over to Dutch regulators.
Data protection authorities already fined the US-based company €10 million last year for multiple violations of the General Data Protection Regulation (GDPR).
“This misguided decision and outlandish fine are completely unjustified,” Uber spokesman Casper Nixon said, adding that the company plans to appeal the decision.
“Uber's cross-border data transfer processes have been GDPR compliant during three years of great uncertainty between the EU and the U.S.,” he said, referring to a period when both countries had to revise so-called adequacy decisions that say companies can freely transfer data without complex contracts.
A new data privacy framework enacted last year ended three years of legal limbo and headaches for the tech giants.
The Dutch decision “ignores reality,” said Alexandre Roulet, head of policy at CCIA, a tech trade group that includes Uber. “The world's busiest internet route cannot be kept at a standstill for a full three years while the government works to establish a new legal framework for data flows.”
This article has been updated.
