Usage little transparency of algorithms and disproportionate collection of workers’ data

It is going ahead the action of the Privacy Authority to protect the data of workers of Italian food delivery platforms.

The Authority has ordered Deliveroo Italy to pay a fine of 2.500.000 EUR to have unlawfully processed the personal data of 8000 rider. In order to be in order, the company will have to modify the processing of workers’ data in accordance, within the specified times, with the prescriptions issued by the Authority.

Numerous and serious violations of European and national privacy laws have arisen since the decisions also taken at the company’s headquarters, which is active in the delivery of food and products via a digital platform, of the Workers’ Statute and the recent legislation on the protection of digital platforms.

The illegalities related to the lack of transparency of the algorithms used by the rider management, both for the assignment of orders and for the reservation of work shifts.

The company, which at the end of 2020 has declared no longer to use the shift reservation system, have to provide riders with precise information on the operation of the order allocation system and identify measures to protect the right to obtain human intervention in a position to fully assess and, where appropriate, substantially correct the functioning of the system.

It is part of the society to verify, periodically, the correctness of the results of the algorithms to minimize the risk of distorted or discriminatory effects.

Since the verifications it has emerged that Deliveroo also carries out a meticulous control on the labor performance of the riders – by means of the continuous geolocation of its device, which goes beyond what is necessary to assign to the order (for example, detection every 12 seconds of the position, maintenance of all steps for 6 months) – and by keeping a high number of orders, including communications with the protection of the customer. The system in fact collects data regarding deviations of little minutes respect to the estimated times (for example, withdrawal of food from the restaurant or delivery to the customer) or predetermined (for example, time of effective movement of the rider from the place where he has accepted the delivery). This in violation of the Workers’ Statute which, by means of the use of the devices from which the remote control of the worker can also be derived, calls, before installation, for the subsistence of certain requirements (safety at work, protection of company assets) and the signing of a trade union agreement or authorization by the Labor Inspectorate.

The Authority has granted Deliveroo 60 days of time to correct the violations revealed and additional 90 days to complete the interventions on the algorithms.

SOURCE: AUTORITA’ PER LA PROTEZIONE DEI DATI DELL’ITALIA – GPDP