English
עברית
Français
Deutsch
Русский
Español
简体中文
日本語
Dutch
Türkçe
Language
English
עברית
Français
Deutsch
Русский
Español
简体中文
日本語
Dutch
Türkçe
Home
About us
About us
CV at a glance
Global reach
Pro Bono
What we do
Practice area
The team
Knowledge center
Insights & News
Client updates
Credentials
Doing business in Israel
Join us
Contact
Barnea Blog
© All rights reserved to Barnea Jaffa Lande Law offices

Together is powerful

Client updates
19 February 2024
by Avishay Klein
Ben Norman
         
Antitrust and Competition
Banking & Finance
Capital Markets
Corporate
Employment
Infrastructure
Internet
Litigation
NPO
Private Clients
Real Estate
Regulation
Tax
High Tech

Dutch Data Protection Authority Fines Uber

Authorities opened an investigation after Uber drivers in France sent complaints to the French privacy protection commission, the CNIL. The CNIL transferred the handling of the complaints to the Dutch Data Protection Authority, since Uber BV is incorporated in the Netherlands.

 

The drivers’ main complaints were, inter alia:

  • There was a lack of transparency and due disclosure about the retention period of their personal information.
  • Information request forms are hidden in various places on the website and are inaccessible.
  • The company failed to disclose to which countries outside the EEA it transfers personal information.

Rights of Data Subjects

Around the world in general, and in Europe in particular, data subjects have the right to know how their personal information is being used. Since this is an important right, regulatory authorities expect corporations to formulate and publish a clear privacy policy in an accessible format.

The privacy policy must include the following:

 

  • The types of personal or sensitive information about data subjects that are being collected and the purpose for collecting the information.
  • The retention period of the data subjects’ personal information and the reason for retaining the personal information.
  • How a data subject can submit a request to exercise his rights by virtue of privacy protection laws (for example, a request to delete all information collected about him), and the provision of a clear and accessible designated request form.
  • Information about transfers of personal information between countries or between continents (if any), and what technological data security measures are in place to safeguard information being transferred between countries/continents

 

Corporations receiving requests to exercise rights relating to privacy protection and personal information must also issue an adequate response within the time frames prescribed by law.

 

***

 

Our firm’s Privacy, Data Protection and Cyber Department is at your service to answer any questions about drafting a customized privacy policy, responding to data subjects’ requests to exercise their rights by virtue of privacy protection laws, and any other issues pertaining to privacy protection and data security laws.

 

Dr. Avishay Klein heads the Privacy, Data Protection and Cyber Department at Barnea Jaffa Lande.

Adv. Ben Norman is an associate in the department.

Tags: Data protection | Privacy