Ride-hailing platform Uber has been fined 290 million euros ($A478 million) in the Netherlands for sending the personal data of European taxi drivers to the United States in violation of EU rules, the Dutch data protection watchdog announced.
Uber has stopped the practice, the Dutch Data Protection Authority added.
"This flawed decision and extraordinary fine are completely unjustified," Uber spokesperson Caspar Nixon told Reuters in an email.
"Uber's cross-border data transfer process was compliant with GDPR during a three-year period of immense uncertainty between the EU and US," he added, saying the company would appeal and was confident that "common sense will prevail".
The DPA said Uber transferred personal data to the United States and failed to appropriately safeguard the data.
"This constitutes a serious violation of the General Data Protection Regulation (GDPR)," it said.
Uber can appeal the decision with the DPA and if unsuccessful can then file a case with the Dutch courts.
The appeals process is expected to take four years and any fines are suspended until all legal recourses have been exhausted, according to the DPA.
The investigation was triggered after a French human rights organisation lodged a complaint on behalf of more than 170 taxi drivers in France with the country's data protection authority. However, as Uber has its European headquarters in the Netherlands, it was forwarded to the DPA.
French national data protection regulator CNIL said in a separate statement that it had co-operated with the DPA.
In a related case, the DPA fined Uber 10 million euros in January for infringement of privacy regulations regarding its drivers' personal data.