Foodinho, a subsidiary of GlovoApp23, will have to amend the way it processes its riders’ data through a digital platform and verify that the algorithms used to book and assign orders for food and other products do not result into discrimination. The company was also fined EUR 2.6 million.
This decision by the Italian SA (Guarantor for the protection of personal data) is the first one concerning riders and follows an initial set of inspections on the handling of employees’ data by the main food delivery companies in Italy.
The complex inquiries also concerned Foodinho, an Italy-based company, and led to finding several infringements of data protection legislation, the Italian law on employer-employee relations, and the recently enacted legislation to protect workers using digital platforms.
The Italian SA also initiated, for the first time, a joint operation with the Spanish SA (AEPD) under the terms of the GDPR to shed light on operation of the digital platform owned by the holding company, ie, GlovoApp23.
Several serious infringements could be found with particular regard to the algorithms used to handle employees. For instance, the company had failed to adequately inform its employees on the functioning of the system and had not implemented suitable safeguards to ensure accuracy and fairness of the algorithmic results that were used to rate riders’ performance. Additionally, the company had no procedures in place to enforce the right to obtain human intervention, express one’s point of view and contest the decisions taken by way of those algorithms – which in some cases entailed the exclusion of riders from work assignments.
Accordingly, the Italian SA ordered the company to lay down measures to protect riders’ rights and freedoms with regard to automated decisions, including profiling.
Foodinho was ordered to check accuracy and relevance of the data used by the system – chats, emails and phone calls between riders and customer care, geolocation at 15-second intervals, mapping of routes, estimated and actual delivery time, details on the handling of current and past orders, feedback from customers and partners, device battery level, etc. . This is also intended to minimize the risk of errors and biases that might for instance result into reducing delivery assignments to certain riders or excluding a rider from the platform as such. The risk in question is also related to the rating system, which relies on the application of a mathematical formula carrying penalties for those riders who do not accept orders promptly or reject such orders, whilst riders accepting orders on schedule or delivering most orders are prioritized.
The company will have to lay down measures preventing inappropriate and / or discriminatory applications of the reputational mechanisms based on the feedback from customers and business partners.
In calculating the 2.6 million EUR fine imposed on Foodinho because of the infringements found, the Italian SA also considered the poor cooperation provided by the company during the inquiries as well as the considerable number of the riders concerned in Italy – amounting to about 19,000 when the inspection was carried out. The Spanish company GlovoApp23 is the subject of a separate proceeding led by the AEPD in cooperation with the Italian SA.
The Italian SA set a 60-day deadline for Foodinho to start implementing the measures required in order to remedy the serious shortcomings it had found, whilst additional 90 days were granted to finalise the rehauling of the algorithms.
Rome, 5 July 2021
Source: Italy’s Guarantor of Privacy