Uber UK is once again in hot water with drivers demading their data. The facing legal issues over allegations of non-compliance with GDPR. UK drivers are accusing the company of withholding personal data, thus breaking GDPR regulations. Under GDPR, data subjects have the right to access any personal data held by any company, even employers. The companies then have one month to respond, verbally or in writing.
Just over 6 months ago, Uber was fined $1. 17 million for a data breach when hackers stole information from 57 million Uber users and 600,000 drivers worldwide. Not only did they not report it, they paid the hackers $100,000 to destroy the data they had obtained. Luckily for Uber, the incident happened before GDPR came into effect, so the fine received wasn’t nearly as severe as it could have been. However, they may not be so lucky this time.
UK Uber drivers claim that the company is violating GDPR legislation by not disclosing all the information they have such as, duration of time logged onto the platform and their individual GPS data and ratings. They argue that by gaining access to this information they can calculate their hourly rate to determine if they are getting a fair wage.
What data do the drivers want access to?
- Log in time: Drivers want access to the time they logged into the app so that they can calculate money owed.
- GPS data: They want access to their GPS data in order to calculate operation costs, revenue and nonrevenue time and distance.
- Performance data: Access to this would allow them to understand how performance is monitored and managed, including suspensions from the platform.
- How data is processed: They want details about how said data is processed, how they are profiled by Uber and the impact this has on quality, quantity and value of work.
- Trip ratings: They want access to trip ratings so that they can appeal unfair ratings on a trip-by-trip basis. If a driver’s rating drops below 4.4 they are dismissed, therefore having access to this data would be crucial to maintaining employment.
These factors could have a major influence on drivers’ income and indicate if they are being paid and treated fairly. This incident could be the turning point of future disputes with companys such as Uber and Glovo as they insist that drivers are not employees but are independent contractors. The results of this case could turn the industry on its head.
Are companies complying with GDPR?
Companies are still slow to implement measures to comply with GDPR. Data subjects are making complaints and requesting their information, but whether companies are disclosing all the information remains to be seen. Many believe that 2019 is a transition year and as time goes on, so will the severity and volume of fines given.
This incident should be a warning to companies everywhere to ensure they are compliant with GDPR and other regulations. There have already been a number of large fines, but for the most part companies have been avoiding fines. Prevention is always better than the cure.
What can I do to protect my company?
To ensure your company protects itself and complies with these regulations, you need to ensure all data you hold is secured, whether that be on-premise, in the cloud or by a third party. If data storage is by a third party, some processes are out of your provider’s control. Therefore, you need to ensure that all internal processes within your company comply with security regulations.
Here at Cloud Worldwide Services, we are passionate about ensuring that all our data storage practices are encrypted, protected and secured. Our virtual fax solution eComFax and call recording solution Recordia are both GDPR compliant, as well as being compliant with other EU and international regulations.