Ridetech International B.V. – €100,000,000 Fine (Netherlands, 2026)

€100,000,000Autoriteit Persoonsgegevens1 April 2026Netherlands
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Ridetech International B.V. received a massive €100 million fine for not safeguarding personal data when transferring it outside the EU. This is crucial because it emphasizes the need for companies to protect user data, especially when dealing with international data transfers.

What happened

Ridetech International B.V. failed to implement proper safeguards for transferring personal data to servers in Russia.

Who was affected

Users of the Yangoo taxi app whose personal data was stored on servers in Russia.

What the authority found

The Dutch DPA ruled that Ridetech did not provide adequate protections for personal data, violating GDPR requirements for international data transfers.

Why this matters

This ruling serves as a warning to companies about the importance of data protection when transferring information abroad. Businesses must ensure they comply with GDPR standards to avoid hefty fines.

GDPR Articles Cited

AI-verified

Art. 44(GDPR)
Art. 46(GDPR)
Art. 5(1)(a) GDPR
Art. 5(2) GDPR
View original scraped data
Art. 5(1) a) GDPR
(2) GDPR
Art. 44(GDPR)
Art. 46(GDPR)

Original data from scraper before AI verification against source document.

Source verified 27 May 2026
verified correct
Netherlands enforcementAutoriteit Persoonsgegevens actionsAll Ridetech International B.V. actions
Full Legal Summary
Detailed

The Dutch DPA has imposed a fine of EUR 100,000,000 on Ridetech International B.V. The controller, the operator of the taxi app 'Yangoo', has failed to implement adequate guarantees for the transfer of personal data into a third country. In order for the app to function, it was necessary to process personal data, but the servers on which the data was stored were located in the Russian Federation. As there is no adequacy decision for the Russian Federation, the controller needed to implement appropriate safeguards, enforceable data subject rights and effective legal remedies. However, the controller failed to implement these safeguards, as it falsely assumed its role to be that of a processor, using 'processor to processor' clauses in the SCC instead.

Related Enforcement Actions (0)

No other enforcement actions found for Ridetech International B.V. in NL

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

1 April 2026

Authority

Autoriteit Persoonsgegevens

Fine Amount

€100,000,000

Enforcement Tracker ID

ETid-3171

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Ridetech International B.V. - Netherlands (2026). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: