08 May

Uber faces legal action for GDPR non-compliance


Uber drivers are threatening to take legal action over claims the company has refused to disclose personal information it holds on them under the General Data Protection Regulation (GDPR).

Four drivers claim the company is simply failing to comply with EU data disclosure obligations.

They say the driver hailing app has failed to disclose the personal information that it holds on them and they are in breach of Article 15 of GDPR, which guarantee them the right to know whether or not personal data concerning them is being processed and to have access to any data held on them.

Personal data

According to Personnel Today, the drivers and data access campaign group Worker Info Exchange say that  Uber is “withholding” GPS, rating and profiling data, and has failed to explain how it uses their personal data in its work allocation algorithms.

The drivers have been requesting data since July 2018 and said they had only received “delayed, inconsistent, incomplete, piecemeal and mostly unintelligible disclosures”.

Following pressure from lawyers, Uber sent them some data it holds in April, but the drivers claimed this did not include information relating to:

  • how Uber profiles its drivers
  • an explanation of how personal data is used in automated decision-making when allocating work
  • GPS data for when drivers are logged off with the app open; logged on and waiting for work; and en-route to collect a passenger
  • daily overall driver ratings and individual trip ratings, and
  • the personal data held by various Uber entities in the UK, Ireland and the Netherlands.

 

Compliance

James Farrar, founder and director of Worker Info Exchange and co-lead claimant in the Uber workers’ rights case said: “On the week that Uber floats on the stock exchange as a public company it is outrageous that it continues to flout important EU and UK data protection laws.

“Uber has automated the management function and hidden it in algorithms behind the digital curtain while insisting drivers are their own bosses.

Drivers are suspended and fired at will without due process, right of an appeal or even an adequate explanation. Drivers will never have access to worker rights protections while Uber withholds personal work data. We intend to fight this until Uber complies with the law.”

Fines

Last year, Uber escaped a major fine over a UK customer data leak as incident happened before GDPR rules came into force.

The tech giant Uber was fined £385,000 by the Information Commissioner’s Office (ICO) after it tried to quietly pay-off hackers who had stolen the personal details of around 2.7million UK users.

This sum was small compared to the $148m (£112m) the company  agreed to pay US regulators  over the major breach, which saw hackers steal the sensitive details of 57 million Uber users and 600,000 drivers worldwide.

The discrepancy in the UK and US fines is due to the fact the ICO investigated the breach under the Data Protection Act 1998, which only allows for a maximum fine of £500,000.

The new EU-wide GDPR law which came into force last May,  now allows the watchdog to fine companies up to €20 million (£17.7 million) or four percent of turnover.

 

 

LATEST NEWS

BENEFITS

  • Feature
    No set up fee
  • Feature
    Maintain compliance
  • Feature
    Save time and resources
  • Feature
    Certified GDPR experts
  • Feature
    Protect your reputation
  • Feature
    Protect your business
THE COMBINATION OF GDPR CERTIFIED SPECIALISTS AND COMPLIANCE EXPERTS, BACKED BY OUR PROPRIETARY iCaaS SOFTWARE PLATFORM DELIVERS THE MOST EFFECTIVE GDPR COMPLIANCE, ANYWHERE.
Photo

Pricing

Check out our most popular packages to assist your business to achieve 100% GDPR compliance
  • PAY MONTHLY
  • PAY IN ADVANCE
    ONE MONTH FREE
24/7 portal access

30 minutes remote consultancy support per month

Chat, call or email the UK-based consultancy desk

Readiness assessment & GAP Analysis

Monitored compliance chart dashboard

60+ tools, templates, processes and documents to download

Subject Access Request management

Certificate of GDPR awareness

Automated legislation and ICO updates

Extensive FAQs

1 authorised user

Instant access

£49 PER MONTH

Buy Now

£539

Buy Now
GET INSTANT PORTAL ACCESS
24/7 portal access

120 minutes remote consultancy support per month

Chat, call or email the UK-based consultancy desk

Readiness assessment & GAP analysis

Monitored compliance chart dashboard

60+ tools, templates, processes and documents to download

Bespoke privacy policy creation

Subject Access Request management

Certificate of GDPR awareness

Automated legislation and ICO updates

Data breach support

Extensive FAQs

Up to 4 authorised users

Instant access

£99 PER MONTH

Buy Now

£1089

Buy Now
GET INSTANT PORTAL ACCESS
24/7 portal access

240+ minutes remote consultancy support per month

Chat, call or email the UK-based consultancy desk

Readiness assessment & GAP analysis

Monitored compliance chart dashboard

60+ tools, templates, processes and documents to download

Bespoke privacy policy creation

Subject Access Request management

Certificate of GDPR awareness

Advanced DPIA guidance

Proactive project plan tracking

Automated legislation and ICO updates

Enhanced data breach notification support

Extensive FAQs

Up to 10 authorised users

CONTACT US

Get In Touch
PRICE ON APPLICATION

INTERESTED...
TRY OUR DEMO

No need to wait. Log in straight away and take a look at our easy-to-use online portal 24/7.

ONLINE DEMO

HAVE ANY
QUESTIONS?

Our team of GDPR experts are here to offer you pre sales advice to help you choose the right package.

READY TO
GET STARTED?

Wherever you are, our solution helps you reach and maintain compliance.

BUY NOW

Get in
Touch

ADDRESS

8 Elmwood, Chineham Park,
Basingstoke, RG24 8WG

CONNECT WITH US