Thanks. That gives a lot more information. With respect to the new framework, the article you linked to just says "Since the end of last year, Uber uses the successor to the Privacy Shield." Do you know if the Dutch DPA endorsed the new framework, or did they leave it ambiguous/unresolved as to whether post-2023 transfers are GDPR compliant?
I don't think endorsing the new framework is something the DPA does. The EC declared the new framework adequate[1], Uber got certified for it[2], so there is now a valid method in place for Uber to transmit data.
