Uber B.V. – €290,000,000 Fine (Netherlands, 2024)

Uber B.V. (UBV) is a company based in the Netherlands and is part of the Uber group of companies. Uber Technologies Inc. (UTI) is based in the United States (US) and is the parent company of, among others, UBV (the controller). Drivers (the data subjects) make use of the Uber Driver App to offer rides to customers. Using this app required the creation of a driver account. Via their account, data subjects are rated by their customers after a ride and paid by Uber for services rendered. The data subjects located in the EEA entered into an agreement with UBV when they would make use of the app. For this, the controller used a centralised IT infrastructure and servers that are located in the US. Personal data of the the data subjects that are located in the EEA were therefore processed in the United States in two situations: 1. Through the driver app, the personal data of the data subjects, who are located within the EEA, are collected and stored on a platform physically located in the US. This includes account, location, criminal and health data, proof of identity and a cab license. 2. When data subjects want to exercise their rights under the GDPR, UBV is responsible for responding to these requests. However, as the personal data is stored in the US, UTI is responsible for making the personal data available to UBV in order to respond to requests. UBV and UTI previously entered into the controller-to-controller [https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32021D0914 standard contractual clauses of the European Commission] ('SCCs') in their joint controllership agreement. However, the controllers removed the SCCs in their revision of their agreement, effective from 6 August 2021, as from the updated SCC by the European Commission it followed, according to the controller, that SCCs may not be used when a processing falls within the scope of the GDPR. The French DPA (“Commission Nationale de l'Informatique et des Libertés - CNIL”) received a complaint ag