March 2021 - the Netherlands - UBER BV / Uber drivers (deactivation of drivers' accounts)

ECLI:NL:RBAMS:2021:1019

Ruling on March 11, 2021

Authority: Cantonial Court Amsterdam

Parties: Uber-drivers/Uber

Subject: General Data Protection Regulation. Processing of personal data. Automated decision-making via an algorithm. Transparency of the use of personal data.

Summary: Uber is an international company which offers online services in the transport sector through matching passengers and drivers. Uber’s EMEA Operational Risk team uses software to detect potentially fraudulent behaviour. Deactivation of a driver takes place after a unanimous decision made by two employees of the risk team. In this case, the accounts of four drivers using the Uber driver app were deactivated because according to Uber they committed fraud. The drivers claim that the deactivation is based on an automated decision as mentioned in the GDPR. Therefore, they request insight into the automated decision-making process.


Legal question: Is the decision to deactivate the accounts of the drivers based on automated decision-making and is Uber obliged to give the drivers insight into the decision-making process?


Considerations: Deactivation of an account does not take place without human intervention since the final decision is made by two employees of the risk team. Therefore, the judge decided that deactivation is not based on automated decision-making. However, with respect to two of the four drivers Uber did not specify what fraudulent behaviour led its decision to deactivate the account of the driver. Consequently, these drivers could not verify what personal data Uber used in the decision-making process leading to the decision to deactivate the account. Uber must provide insight into the personal data which formed the basis of its decision so these two drivers can check whether the processing of their personal data has been correct, lawful, and transparent.


Ruling: Deactivation is not based on automated decision-making. However, Uber must meet the transparency requirements under the GDPR and provide insight into the personal data which formed the basis of the decision to deactivate the account of the drivers.

Loading...