The Italian privacy regulator has hit Foodinho, an Italian food delivery company, with a €2.6 million fine for infringing the GDPR by using an automated algorithm to rate its delivery personnel and increase or decrease food orders assigned to them. Foodinho’s algorithm used a variety of data to assess the performance of its delivery personnel. This included chats, emails and phone calls between delivery persons and customer care, geolocation, delivery routes, estimated and actual delivery time, and feedback from customers.

The Italian regulator’s investigation into Foodinho uncovered several infringements. First, the company failed to adequately inform its employees on the functioning of the algorithm. Second, it did not implement suitable safeguards to ensure the accuracy and fairness of the algorithm. Third, the company did not establish policies for enforcing the right to obtain human intervention and contest the decisions taken by automated algorithms.

Foodinho was required to check the accuracy and relevance of the data used by the algorithm, because such errors may adversely impact certain delivery personnel by way of reduction of delivery assignments to them or their complete exclusion from the platform. Additionally, the Italian regulator ordered Foodinho to amend how it processes delivery personnel’s data through its platform to prevent any inappropriate or discriminatory results, within 90 days.

Click HERE to read the Italian data protection authority’s press release.