Four Uber drivers have asked a court in the Netherlands to overrule a decision to deactivate their accounts that they allege was based solely on the incorrect findings of an algorithm. The four drivers (3 from the UK and 1 from Portugal) were accused by Uber of having engaged in fraudulent activities. They deny this accusation and maintain that being dismissed in the way they were was a breach of the GDPR
Article 22 of the GDPR prevents data subjects (in this context the Uber drivers) being subjected to a detriment because of a decision based solely on the findings of an algorithm. In other words, they have the right to have decisions relating to them checked over by an actual human being.
The four drivers allege that there had not been proper human intervention in coming to the decision to deactivate their accounts, and that Uber had deferred too readily to the findings of its algorithm.
Uber however dispute this and says that the findings of the algorithm were checked over by a team of “specialists” before the final decision to deactivate was made, therefore meaning that Article 22 was complied with.
Anton Ekker (the Uber drivers’ lawyer) disputes this and argues that even if there was actual human intervention in the decision-making process, this had to be meaningful, rather than just a token gesture that allowed compliance with Article 22. In other words, the persons reviewing the automated decision, he says, must actually have had authority to change it.
The case has not yet been to trial, but without a doubt it will bring into question some very interesting points relating to artificial intelligence. Article 22 GDPR represents a means by which employees are protected from artificial intelligence, and in consideration of the courts’ previous treatment of ‘gig-economy’ employers such as Uber, it may well be that they find their over-reliance on AI to be unlawful.
The case may well serve as a reminder that the GDPR prohibits total reliance on an algorithm when data controllers (employers) are making decisions that could potentially be of detriment to their data subjects (employees). Even if you do not yet implement artificial intelligence in your decision-making processes, the area is a rapidly developing one and so it is always good to be aware of any developments. We recommend purchasing PJH law’s own GDPR e-learning resource!
On a side note, the drivers are also challenging Uber on their failure to provide a substantive reason for dismissing them other than that they were engaged in fraudulent activity. Their lawyers say this is a breach of Article 15 of the GDPR, which allows data subjects access to their data as held by data controllers. There is another interesting case to look out for in relation to this Article of the GDPR (also against Uber) set to be heard in December.
Finally, it always serves to remember that nothing will change after Brexit in relation to the GDPR. We have enacted this European law into our own UK law in the form of the Data Protection Act 1998/2018, meaning it’s not going anywhere any time soon.