Hunton Andrews Kurth writes:
On August 2, 2021, the Italian Data Protection Authority (Garante per la protezione dei dati personali, “Garante”) announced that it had levied a €2,500,000 fine on Deliveroo Italy s.r.l. for the unlawful processing of personal data of approximately 8,000 Deliveroo riders, and various infringements of the EU Genera Data Protection Regulation (the “GDPR”).
Following an investigation into Deliveroo’s practices, the Garante found that Deliveroo had failed to provide transparent information to its riders about the algorithm used to manage riders’ work shifts. In addition, the Garante found that Deliveroo’s app collected a disproportionate amount of riders’ personal data in violation of the principles of lawfulness, transparency, data minimization and storage limitation.
Read more on Privacy & Information Security Law Blog.