September 20, 2021

Volume XI, Number 263

Advertisement

September 20, 2021

Subscribe to Latest Legal News and Analysis

September 17, 2021

Subscribe to Latest Legal News and Analysis

Italian Garante Fines Deliveroo 2.5M Euros for Unlawful Processing of Personal Data

On August 2, 2021, the Italian Data Protection Authority (Garante per la protezione dei dati personali, “Garante”) announced that it had levied a €2,500,000 fine on Deliveroo Italy s.r.l. for the unlawful processing of personal data of approximately 8,000 Deliveroo riders, and various infringements of the EU Genera Data Protection Regulation (the “GDPR”).

Following an investigation into Deliveroo’s practices, the Garante found that Deliveroo had failed to provide transparent information to its riders about the algorithm used to manage riders’ work shifts. In addition, the Garante found that Deliveroo’s app collected a disproportionate amount of riders’ personal data in violation of the principles of lawfulness, transparency, data minimization and storage limitation.

The Garante also ordered Deliveroo to correct the GDPR violations it had found in Deliveroo’s data protection practices, including violations relating to, among others:

  • Accountability, including the preparation of internal documentation on personal data processing, internal records of processing and data protection impact assessments;

  • Transparency regarding data storage limitation, the measures implemented to protect the rights, freedoms and legitimate interests of riders, and measures implemented to verify the accuracy of data used by Deliveroo’s algorithm to manage riders’ work shifts.

Deliveroo was given a period of 60 days to correct the violations, and an additional period of 90 days to correct those related to the algorithm it uses.

Read the Garante’s press release and decision (in Italian).

 

Copyright © 2021, Hunton Andrews Kurth LLP. All Rights Reserved.National Law Review, Volume XI, Number 217
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

In today’s digital economy, companies face unprecedented challenges in managing privacy and cybersecurity risks associated with the collection, use and disclosure of personal information about their customers and employees. The complex framework of global legal requirements impacting the collection, use and disclosure of personal information makes it imperative that modern businesses have a sophisticated understanding of the issues if they want to effectively compete in today’s economy.

Hunton Andrews Kurth LLP’s privacy and cybersecurity practice helps companies manage data and...

212 309 1223 direct
Advertisement
Advertisement
Advertisement