` – The Guarantor has enjoined a Deliveroo Italy the payment of a fine of 2 million and 500 thousand euros for having unlawfully processed the personal data of about 8,000 riders– In order to comply, the company will have to modify the processing of workers’ data by adapting, within certain times, to the prescriptions dictated by the Authority.
From the investigations carried out also at the headquarters of the company, which carries out food and product delivery activities through a digital platform, “numerous and serious violations of the European and national privacy legislation, of the Workers’ Statute and of the recent legislation on protection of those who work with digital platforms “.
The offenses concerned among other things “the lack of transparency of the algorithms used to manage the riders, both for the assignment of orders and for the booking of work shifts “.
The company, which at the end of 2020 declared that it no longer uses the shift booking system, will have to provide riders with “precise information on the functioning of the order assignment system and identify measures to protect the right to obtain human intervention capable of to fully evaluate and, if necessary, substantially correct the functioning of the system “.
In any case, it is up to the company to “verify, on a periodic basis, the correctness of the results of the algorithms to minimize the risk of distorted or discriminatory effects”.
From the checks – explains the Guarantor – it also emerged that Deliveroo “also carries out a meticulous check on the work performance of the riders – through the continuous geolocation of their device, which goes far beyond what is necessary to assign the order (for example, detection of the position every 12 seconds, storage of all paths for 6 months) – and through the storage of a large amount of personal data collected during the execution orders, including communications with customer care “.
In fact, the system collects data relating to deviations of a few minutes with respect to the estimated times (for example withdrawal from the food from the restaurant or delivery to the customer) or in any case predetermined (for example, the time of actual movement of the rider from the place where he accepted the pick up).
All that “in violation of the Workers’ Statute which, for the use of devices from which remote control of the worker can also derive, requires, before installation, lto the existence of specific needs (job security, protection of company assets) and in any case the stipulation of a trade union agreement or the authorization of the Labor Inspectorate “.
The Authority granted Deliveroo 60 days to correct the violations found and a further 90 days to complete the interventions on the algorithms.