A subsidiary of the Dutch meal delivery group Just Eat Takeaway, the German Lieferando, violates the GDPR data protection law extensively. This is the conclusion of a supervisor from the German state of Baden-Württemberg. He has lodged the case with the Dutch Data Protection Authority in The Hague.
This is shown by research by the Bayerische Rundfunk. Lieferando’s regular deliverers are closely followed with every delivery via an app and this data is sometimes stored for years. The data protection regulator of the state of Baden-Württemberg has investigated the case and has come to the conclusion that there is a serious violation of the GDPR. According to this regulator, this should lead to a fine of more than 10 million euros.
Precise data of orders, pick-up of meals from restaurants, the route traveled and deliveries to the homes are accurately tracked in the app, a total of 39 data per trip. Every delivery of deliverers over the last few years has been meticulously recorded. The files amounted to 100,000 data per delivery person from Lieferando.
App also used in the Netherlands
Just Eat Takeaway uses this app to monitor deliverers in many countries, including the Netherlands. According to the group, the data processing complies with the rules. “Our delivery app is in line with the GDPR. The data is not used for unauthorized monitoring of, for example, performance or behavior, and we inform users about how we use the data, ”said a spokesperson when asked.
According to Just Eat Takeaway, the data is used for optimization: “The times and locations are essential for the delivery service to run efficiently, for example to determine routes and for the food tracker, which enables restaurants and consumers to track the status of an order. to see, ”said the spokesman.
After they became suspicious, Lieferando’s delivery staff requested the arrangements under which the data collection takes place. Under the GDPR, employees have the right to know to what extent they are being tracked by their organization. The Works Council has been engaged. Chairman Semih Yalcin tells the broadcaster: “From our point of view, this is total surveillance. We think it is completely disproportionate. ”
‘Serious Violation of the Law’
Experts blame the method. Peter Wedde, professor at the Frankfurt University of Applied Sciences, who specializes in company data, calls the intensive tracking of employees towards BR a serious violation of the law, and the data watchdog of the state of Baden-Württemberg agrees with the verdict “unmistakably illegal”. Chairman Stefan Brink has forwarded the findings to the Dutch Data Protection Authority with a request to take action against parent company Just Eat Takeaway in Amsterdam.
Brink believes that this is a ‘maximum violation’, which should be punished with an amount of ‘millions of double digits’. That would mean that the Dutch Data Protection Authority would have to fine at least ten million euros. The highest fine so far imposed by the AP is 830,000 for the Credit Registration Office.
In accordance with the GDPR, regulators can impose a fine of up to 4 percent of the turnover. In 2020 the global turnover of Just Eat Takeaway grew to 2.4 billion euros. The AP makes no statements about current research.
Also read: Angry meal deliverers in Israel are in conflict with Just Eat Takeaway
The name of the app is Scoober, which is also the name of the logistics part for delivery of meals from Just Eat Takeaway. The aim of this subsidiary is the optimization of routes and management of suppliers of logistics services based on data from the entire ‘customer journey’. In the Netherlands and Germany, Scoober has been active with the app since 2016, and in other former Takeaway.com countries the app was introduced in the following years.
‘Just Eat Takeaway violates GDPR data protection law’
Source link ‘Just Eat Takeaway violates GDPR data protection law’