Description
The Italian Data Protection Authority has fined Foodinho S.r.l., a company within the Glovo group (which Delivery Hero bought in 2022), €5 million for illegally processing the personal data of over 35,000 couriers via its digital platform. This decision followed an in-depth investigation initiated by the Authority, which revealed that the company had committed "numerous and serious violations" of the GDPR. Previously fined in 2021 for similar breaches, Foodinho had continued to engage in several problematic practices, including:
- Sending standardised messages to couriers upon deactivation or blocking of their accounts, which failed to inform them of their right to contest the decision or request account restoration.
- Conducting automated data processing without implementing the measures required by law for the use of automated systems. This notably excluded any provision for human intervention, which would allow couriers to express their opinions or challenge decisions made by the system.
- Sharing personal data, including geolocation information, with third parties without prior notification to the couriers. This data was collected and processed even when the couriers were not working and when the app was running in the background.
In addition to these privacy law violations, the Authority highlighted that the company did not comply with the requirements of Article 4, paragraph 1, of Law 300/1970. The law mandates that any remote monitoring tools used must be strictly necessary for organisational and productive needs, work safety, or the protection of company property, and must be agreed upon with union representatives or authorised by the National Labour Inspectorate. Foodinho failed to verify these criteria or initiate the required approval process.
Foodinho will specifically need to reformulate the messages sent to riders when their accounts are deactivated or blocked and ensure that decisions made by algorithms are verified by adequately trained operators. Additionally, Foodinho must activate an icon on the riders' devices indicating when the GPS is active and deactivate it when the app is in the background.
Furthermore, Foodinho must adopt appropriate measures to prevent improper and discriminatory uses of reputation mechanisms based on customer feedback and comply with the provisions of the Workers' Statute regarding remote monitoring.
The adoption of this measure by the Guarantor coincides with the publication in the Official Journal of the European Union (on 11/11/2024) of EU Directive 2024/2831 The Platform work directive.
- Keywords
-
privacy and data protection,
algorithmic management
- Actors
-
Platform,
Government,
Court
- Sector
-
Transportation and storage
- Platforms
-
Glovo,
Delivery Hero,
Foodinho
Sources