Uber might not have the best record in keeping personal information secure but it is facing the wrath of its drivers – and the threat of legal action – for keeping their sensitive data firmly under lock and key.
According to the drivers, and data access campaign group Worker Info Exchange, the ride-hailing app is withholding GPS, rating and profiling data, and has failed to explain how it uses their personal information in its work allocation algorithms.
As such, Worker Info Exchange claims Uber is in breach of Article 15 of the GDPR, which gives individuals the right to obtain confirmation as to whether or not their personal data is being processed and to access the data an organisation holds.
Four drivers – including the men who brought the workers’ rights claim that Uber will appeal against in the Supreme Court later this year – have been requesting the data since July 2018 and said they had only received “delayed, inconsistent, incomplete, piecemeal and mostly unintelligible disclosures”.
Following pressure from lawyers, Uber sent them some data it holds in April, but the drivers claimed this did not include information relating to how Uber profiles its drivers; how personal data is used in automated decision-making when allocating work; GPS data for when drivers are logged off with the app open; logged on and waiting for work; and en-route to collect a passenger.
The firm also stands accused of withholding daily overall driver ratings and individual trip ratings, and the personal data held by various Uber entities in the UK, Ireland and the Netherlands.
Worker Info Exchange founder and director James Farrar, who is co-lead claimant in the Uber workers’ rights case told Personnel Today: “On the week that Uber floats on the stock exchange as a public company, it is outrageous that it continues to flout important EU and UK data protection laws.
“Uber has automated the management function and hidden it in algorithms behind the digital curtain while insisting drivers are their own bosses.
“Drivers are suspended and fired at will without due process, right of an appeal or even an adequate explanation. Drivers will never have access to worker rights protections while Uber withholds personal work data. We intend to fight this until Uber complies with the law.”
Worker Info Exchange claims Uber uses software to profile drivers and records comments such as “attitude” and “missed ETA”.
Ravi Naik of ITN Solicitors, which is representing the drivers, added: “Our clients have taken a principled stance of engaging with Uber in the hope that the company will provide their data. Rather than cooperating in the same manner, Uber have withheld information to which our clients are entitled by right.”
It is all a far cry from November last year, when Uber was whacked with fines of more than £900,000 by UK and Dutch regulators for showing “complete disregard” for the personal information of both customers and drivers following a 2016 hack attack which the company covered up for over a year.
Tesco dumps Uber in fresh Clubcard Reward shake-up
Uber fined £900,000 over ‘complete disregard’ for data
Uber hires two privacy chiefs in wake of mass breach
Uber faces long arm of the law over 64m data breach