Uber faces GDPR lawsuit over 'robo-firing' algorithm

Ride-hailing firm's "Orwellian world of work" will become the norm if not checked, according to driver's union

Black cards of Uber logos

Uber is facing a legal challenge over its automated “robo-firing” algorithm that allegedly breaches Article 22 of the General Data Protection Regulation (GDPR).  

The App Drivers & Couriers Union (ACDU) has filed a complaint in Amsterdam's district court, where Uber's data resides, representing four former drivers from London, Birmingham and Lisbon, Portugal. 

The ACDU said that in each case the drivers were dismissed by Uber after being flagged up for "fraudulent activity." The claims, which the drivers deny, have not been reported to the police, but Uber deactivated their accounts.

The union also allege that Uber never gave the drivers access to any of the purported evidence against them, nor did it allow them to challenge or even appeal the terminations. 

Under the UK's Data Protection Act and Article 22 of GDPR, individuals have the right to certain protections from any automated decisions which create negative effects that are not carried out with meaningful human intervention. 

Two of the drivers were based in London. One was dismissed after Uber said its system detected "irregular trips associated with fraudulent activities", according to ACDU. The other was dismissed for "the installation of and use of software which has the intention and effect of manipulating the Driver App".

Neither driver was given any further explanation or the right of appeal, the ACDU said. 

"Uber has been allowed to violate employment law with impunity for years and now we are seeing a glimpse into an Orwellian world of work where workers have no rights and are managed by machine," said Yaseen Aslam, president of the ADCU. "If Uber is not checked, this practice will become the norm for everyone." 

The legal challenge comes just a month after Uber won back its London-operating license after proving its system was 'fit and proper'. London-based drivers who are dismissed by Uber are automatically reported to Transport For London (TfL), who may take licensing action against them.

However, James Farrar, the ADCU's general secretary told the BBC that Uber refused to give additional details to TfL because it would compromise its security. 

"Uber provides requested personal data and information that individuals are entitled to," said a spokeswoman for Uber. "We will give explanations when we cannot provide certain data, such as when it doesn't exist or disclosing it would infringe on the rights of another person under GDPR."

Featured Resources

Four cyber security essentials that your board of directors wants to know

The insights to help you deliver what they need

Download now

Data: A resource much too valuable to leave unprotected

Protect your data to protect your company

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

Most Popular

80% of cyber professionals say the Computer Misuse Act is working against them
Security

80% of cyber professionals say the Computer Misuse Act is working against them

20 Nov 2020
Cisco acquires container security startup Banzai Cloud
Security

Cisco acquires container security startup Banzai Cloud

18 Nov 2020
350,000 Spotify users hacked in credential stuffing attack
Security

350,000 Spotify users hacked in credential stuffing attack

24 Nov 2020