Uber Allegedly Violated GDPR by Failing to Provide Sufficient Notice on Automated Profiling for Drivers

UK Uber drivers, supported by the App Drivers & Couriers Union (ADCU) and Worker Info Exchange (WIE), filed legal action in Amsterdam District Court in July 2020 against Uber BV for violating GDPR obligations. The drivers requested access to their personal data and information about automated decision-making and profiling used in Uber's systems, including driver performance monitoring, ride allocation, pricing algorithms, and account deactivation processes. Uber initially provided only limited data, refusing to disclose comprehensive information about its algorithmic management systems. The case involved multiple drivers from the UK and Portugal seeking data on passenger ratings, fraud probability scores, earning profiles, journey allocation systems including batch matching and upfront pricing, and performance-related tags such as 'Late arrival/missed ETAs', 'Cancelled on rider', 'Attitude', and 'Inappropriate behaviour'. In 2023, the Amsterdam Court of Appeal ruled largely in favor of the drivers, finding that Uber's automated systems for ride assignment, price calculation, driver rating, fraud scoring, and account deactivation constituted automated decision-making under GDPR. The court ordered Uber to provide transparent information about how driver data and profiling is used in pricing and work allocation systems, rejecting Uber's trade secrets defense. The companies were given two months to provide requested information with potential daily fines of several thousand euros for non-compliance.