Yasmin Dwiputri & Data Hazards Project / Better Images of AI / AI across industries. / CC-BY 4.0


The proposed EU directive on improving working conditions in platform work is the first legislative initiative that attempts to regulate the use of AI, in the form of algorithmic management, in the workplace. This innovative legislative proposal pursues a double goal: first, correcting the employment status of people working in digital labour platforms and ensuring that they have adequate working conditions, while supporting the sustainable growth of digital labour platforms in the EU and, second, making automated decision-making and monitoring systems more transparent and accountable.

The proposed directive is under negotiation in the trilogues with wide gaps between starting positions of the negotiating parties.

The most publicised topic of the negotiations between the Commission, Parliament and Council is the correct classification of platform workers’ employment status.  Another key chapter of the proposal, which targets algorithmic management, cannot be underestimated by the negotiators as it can create new rights and protections for workers and will serve as a blueprint for future legislation on the topic.

Technical and judicial evidence that supports the need for clear rules

Algorithmic management is an essential feature for the digital labour platform business model, whose network effects are enabled and fostered by algorithms. The concept is not precisely defined but Article 6 of the proposed directive describes it as (a) “automated monitoring systems which are used for, or support, monitoring, supervising or evaluating the work performance of platform workers through electronic means” and (b) automated decision-making systems that “use, take or support decisions that significantly affect those platform workers’ working conditions”. These systems depend on the granular processing of workers’ data, including biometrics and data about their health, location, movement, speech, speed, time, task allocation, price, etc.  

The complexities of algorithmic management, its design architecture, and its implementation in mobile apps used by workers are well-documented. There is substantial evidence from academic research, investigative journalism and  court cases indicating the opacity of algorithmic systems and the hidden nature of the operations they perform.

In the case Uber drivers v. Uber [Amsterdam 2023 ECLI:NL:GHAMS:2023:793], in the request of information about the existence of automated decision-making within the meaning of Article 22 of the GDPR, the Amsterdam Court of Appeal demanded that Uber produced meaningful information on the logic involved in the decision-making processes, as well as the significance and expected consequences of those processes for the data subjects. The Court categorically rejected Uber’s submission regarding human review in its algorithmic decision-making, labelling it a mere “symbolic act”.

An investigation conducted by the Italian Data Protection Authority in the Glovo-Foodinho case revealed troubling practices in the processing of workers’ data. A technical analysis of a worker’s mobile app detected that the algorithm was tracking his location outside working hours and sharing it (both during and outside working hours), along with other personal data, with undisclosed third parties not mentioned in the app’s documentation. It also showed that the app generated two scores for each rider, one communicated to him, the other hidden, with a different value.

Correcting the course to ensure lawful algorithmic management

The directive’s chapter on algorithmic management is innovative and proposes a unique blend of privacy and data protection laws with labour legislation. It uses as a foundation the principles and provisions of the GDPR, which has proven its ability to protect the rights of data subjects.

However, the trilogue negotiations are now indicating a deviation from the principles and provisions established by the GDPR, which would weaken the protection platform workers need and deserve. Three specific risky deviations are currently envisaged.

  1. Allowing for ambiguity on the prohibition to process personal data

The text under negotiation contains specific prohibitions to process personal data. A proposal has been made to apply this prohibition only to automated monitoring and decision-making systems. This would constitute a dangerous deviation from the GDPR, which establishes that any processing of data should respect its provisions.

  1. Workers’ consent

Consent is currently not a valid legal basis to process workers’ data in the context of work. Indeed, giving consent when involved in a relation of subordination or dependency is fundamentally flawed: the worker’s personal freedom is limited, as the employer has the power to control and discipline him/her.

This is now challenged in the trilogues, despite numerous judicial decisions and legal provisions confirming the problematic nature of worker consent.  

The European Court of Human Rights’ ruling in Bărbulescu v. Romania [2017 ECtHR 742], underlines the problematic nature of worker consent in the employment context, highlighting its impossibility to be free. Then, Opinion 2/2017 on data processing at work by the Article 29 Data Protection Working Party concurs that the processing of data cannot be legitimised through the workers’ consent: workers are in a relationship that is asymmetrical and unequal, hence their consent cannot be unambiguous and freely given, nor refused or revoked. In addition, the fact that a worker uses (digital) devices or installs software that facilitates data processing cannot qualify as consent, which requires an “active expression of will”. Using the same logic, GDPR recital 43 and articles 6 and 7 also establish that consent cannot be used as a legal ground for processing workers’ data.

Further, GDPR recital 155 and article 88 allow Member State law or collective agreements, including “works agreements”, to provide “for specific rules on the processing of employees’ personal data in the employment context, in particular for the conditions under which personal data in the employment context may be processed on the basis of the consent of the employee […]”.

This provision requires careful consideration, as it may lead to less harmonization, when more harmonization is actually desirable. Also, the EU Data Protection Board (EDPB), in its Guidelines 05/2020 on consent signals that processing personal data that are not necessary for the performance of a contract or service is highly undesirable and cannot be presented as a mandatory consideration. Consent can only be a valid legal ground in concrete and exceptional circumstances, necessary for the performance of the contract and with no adverse consequence at all should the worker not give it. Overall, including worker consent in the Platform Work Directive is fundamentally problematic.

The problematic nature of consent is further compounded by the added layer of algorithmic management that characterizes platform work and mediates between the digital labour platform and the worker. In this environment, workers’ agency and autonomy are reduced, which impairs their ability to effectively assert fundamental rights.

For the above reasons, the Platform Work Directive must not contravene the GDPR’s minimum requirements and the specific considerations of the Article 29 Working Party and the EDPB. It is crucial for legislators to ensure harmonisation with established data protection principles, particularly in such a sensitive area as worker consent.

  1. Robo-firing

The third deviation discussed in the trilogues is the possibility to use robo-firing, which involves dismissing workers through automated decision-making systems, without giving notice nor a reason.

This would be an infringement of GDPR Article 22, which addresses decisions based ‘exclusively’ on automated processing.

The Amsterdam Court of Appeal, in Uber drivers v. Uber, addressed the topic of automated decision-making, in the context of allegations of fraudulent activity made by Uber against drivers [ECLI:NL:GHAMS:2023:793]. Uber drivers argued that the temporary blocking and deactivation of their account was decided by means of automated decisions, and that this affected them to a significant extent within the meaning of article 22(1) of the GDPR. The Court of Appeal judged in favour of the drivers, concluding that Uber was not able to sufficiently prove that there had been (1) an actual human intervention, and (2) an effective manual investigation after a signal of possible fraud was received, with Uber’s risk team (based in Krakow) failing to even hear the drivers. The Court concluded that the investigation conducted by Uber was nothing more than a purely symbolic act.

Given these judicial precedents, it is imperative that the directive prohibits robo-firing. It should also ensure that automated decision-making systems comply with fairness, transparency, and accountability standards, as set forth in existing legal frameworks. In addition, the directive should establish that, by default, automated decisions should be presumed to be fully automated, unless digital labour platforms demonstrate meaningful human intervention.


The chapter on algorithmic management can effectively bring transparency, protection, oversight, and redress to the way algorithms are used, but only if EU legislators strengthen its provisions.

The objective of the trilogue process is to achieve a balanced approach and a package deal. In the case of the Platform Work Directive, it is crucial to recognize that such balance is illusory when the inherent nature of algorithmic management is a black box, by nature anything but transparent.

EU legislators need to avoid ambiguous provisions, provide legal clarity and ensure that data protection is adapted to the modern global work context. Failure to do so risks compromising the integrity of the chapter on algorithmic management, as well as the ability to ensure its enforceability.

The three risky deviations related to data processing, automated decisions and robo-firing must be abandoned. The General Data Protection Regulation, the European Union Charter of Fundamental Rights (CFREU) and the European Convention on Human Rights (ECHR) must be upheld.

Finally, the way algorithmic management is regulated under the PWD is likely to influence the negotiations that legislators are conducting on high-risk AI systems, within the framework of the AI Act, as well as other future legislation on AI at work.

This page as PDF

Leave a Reply

Your email address will not be published. Required fields are marked *