Uber – Court Ruling (Netherlands, 2021)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A Dutch court ruled that Uber's process of deactivating drivers' accounts did not count as automated decision-making under GDPR. The court found that Uber involved human intervention in the decision process. This case is important for companies using automated systems, as it clarifies the role of human oversight in decision-making.
What happened
Uber deactivated drivers' accounts, claiming fraud, but involved human review in the decision process.
Who was affected
Uber drivers whose accounts were deactivated due to alleged fraud.
What the authority found
The court found that Uber's account deactivation process did not qualify as automated decision-making under GDPR.
Why this matters
This ruling clarifies that companies can avoid the label of 'automated decision-making' if they include meaningful human intervention. Businesses using automated systems should ensure human oversight to comply with GDPR.
GDPR Articles Cited
The challenge was brought by four Uber drivers, each of whom had received a separate message from Uber stating that their Uber Driver account had been deactivated because Uber had determined that they had violated the applicable contractual terms and conditions of Uber by being guilty of fraud. According to the applicants, Uber's decision was taken completely automatically without meaningful human intervention. The decision led to the immediate termination of the agreement between Uber and the applicants and to loss of income. Additionally, according to the applicants Uber violated the principle of transparency by not informing them about the underlying logic, the importance and the expected consequences of the processing for them, not informing them of the type of fraud they are accused of and by not informing them that their accounts would be blocked in the event of fraud. In addition, Uber failed to explain the grounds for the decision in intelligible words. Uber argued that it did not deactivate the accounts of the drivers solely on the basis of automated decision-making. The controller demonstrated that the decision to deactivate the account of one of the applicants was a result of an investigation which included actions taken by an Uber employee such as carrying out a personal conversation with the driver about consequences of the fraud, followed by a written confirmation. According to Uber, after a fraud signal the driver's access to the Driver app is automatically temporarily blocked until the driver has contacted an Uber employee. Access to the Driver app is reactivated as soon as the driver has made contact. Does automated termination of contract by Uber fulfil scope of automated decision making under Artcle 22 GDPR? Did Uber violate the transparency principle by failing to inform the applicants about the consequences of the procedure? The Court found that Uber's contract termination procedure does not constitute automated decision making under Articl
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Violations (1)
The cookie banner uses misleading language to trick or pressure users into accepting cookies (dark patterns).
Art. 7 GDPR
Related Cases (0)
No other cases found for Uber in NL
This is the only recorded case for this entity in this jurisdiction.
Similar Cases
Enforcement actions with similar violations
Website operator
2023 · Agencia Española de Protección de Datos
Pagamastarde S.L.
2021 · Agencia Española de Protección de Datos
Marbella Resorts S.L.
2021 · Agencia Española de Protección de Datos
BANKIA, S.A.
2021 · Agencia Española de Protección de Datos
GOOGLE LLC
2025 · Commission Nationale de l'Informatique et des Libertés
Details
About this data
Cite as: Cookie Fines. Uber - Netherlands (2021). Retrieved from cookiefines.eu
Last updated: