The rise of on-demand food delivery services has transformed the food industry, offering a convenient and hassle-free way for consumers to order food from their favourite restaurants. One of the most popular platforms in this market is Uber Eats, which has quickly become a household name across the world. The system works by connecting customers with nearby restaurants through a digital platform, where they can place orders and track deliveries in real-time. The food is delivered by riders, Uber Eats food couriers, who are paid per delivered meal and per driven kilometre for that delivery. On the 15th of September 2022 two articles were published by Rengers and Houtekamer in the Dutch NRC newspaper, describing the day of ghost riders of Uber Eats. Ghost riders are non-registered riders, who are renting platform delivery accounts from verified riders of Uber Eats for approximately a hundred euro per week (Rengers & Houtekamer, 2022a). Ghost riders are invisible to public instances, are mostly nonregistered citizens, not covered by any insurance, not paying any taxes, and work for registered employees (Rengers & Houtekamer, 2022a). By using false identities on the Uber Eats platform, registered riders are facilitating undocumented riders to work under severe working conditions. For instance, when a ghost rider would break a leg, they would not be covered by any insurance, would have no income, and would have to rely on the support that they might receive from others. The Dutch labour authority has conducted many on-site inspections. But alas, riders would warn each other when inspections would occur through communication applications such as Signal (Rengers & Houtekamer, 2022a). This way (ghost) riders cannot be actively and effectively pursued by national instances.
Furthermore, in order to get paid more for each food delivery the Uber Eats payment system has been tempered with by riders. As riders for Uber Eats are paid per driven kilometre, a certain software has the ability to circumvent Uber Eats payment system in so that it seems that riders would have driven extra kilometres for the delivery (Rengers & Houtekamer, 2022a). One would think that Uber would want to take precautions so that employees would not be paid extra for bogus kilometres. However, it has been reported that Uber Eats is not interested in developing strategies to combat these dubious acts (Rengers & Houtekamer, 2022a). It has been suggested that Uber Eats relies on the employment of migrants in order to function as a successful cooperation (Gebrial, 2022), hinting that pursuing riders would not be in the interest of the big digital platform. This provides for an interesting case, and I found that the overall broader picture has not been addressed so far by academia: the abuse of a digital platform for labour by workers, and the employer who is not held accountable for facilitating an unsafe and unhealthy working environment.
Reporting to Uber Eats or relying on national public instances have not been successful thus far. But there might be a solution to this growing issue: The EU commission has drafted a proposal for a directive on digital platform labour, to address the use of automated systems and the status of workers for digital platforms. It might be interesting to see whether this directive incorporates a cybercrime element, and whether the dubious acts by (ghost) riders can be seen as cybercrimes. By doing this, I hope to find an answer to this question: How can this EU proposal help tackle the issue of (ghost) riders making use of false identities and circumventing the digital system of Uber Eats?
This blogpost will explore the proposal on its set objectives and proposed articles, in order to uncover whether there is a possibility to regulate and protect digital labour systems, and essentially combat the unsafe and unhealthy working environment that the digital labour platforms facilitate. The next chapter will first explore the previously mentioned acts by Uber Eats riders, and whether these acts can be perceived as acts of cybercrime. The third chapter will dive into the objectives and relevant articles of the proposal for a directive on digital platform labour to determine whether such dubious digital acts by workers can be regulated. This paper will end on a concluding note, by addressing the underlying issue at hand and why it should be addressed by specific legislation such as the directive on platform labour.
Acts of Cybercrime
Using false identities to work, and circumventing the Uber Eats payment system to get paid more are without a doubt instances of technology abuse. It must be stated that the abuse of technology does not necessarily mean that a crime has been committed (Furnell, 2020). For example, downloading pornographic content onto a workplace laptop is not an illegal act per se. However, it is not commonly accepted behavior in the workplace (Furnell, 2020). Nevertheless, all forms of cybercrime do involve technology abuse for negative purposes (Furnell, 2020). Can the forementioned acts by (ghost) riders of Uber Eats be classified as cybercrimes? This question can simply be answered by explaining what cybercrime actually is, although the answer might not be as straightforward.
Cybercrime has no definitive typology and may be categorised on different levels or groups (Broadhurst, 2022). For instance, law enforcement agencies have developed a useful framework for categorizing cybercrimes based on the role of a computer in the commission of the offence, which is divided into three broad groups (Broadhurst, 2022; Sarre et al., 2018). The first group includes cases where a computer is used as the instrument to carry out the offence, such as in the case of a botnet-spreading malware spam. The second group involves cases where a computer is the target of the offence, such as in the case of data modification or theft or privileged access. Finally, the third group includes cases where a computer is incidental to the offence, such as in the case of investigative or forensic data. By dividing cybercrimes into these categories, law enforcement agencies are able to better understand the nature of the offence and tailor their response accordingly. This framework also helps to identify areas where improvements in cybersecurity and digital forensics may be needed to prevent and investigate cybercrime effectively. (Broadhurst, 2022; Sarre et al., 2018)
Another categorisation as defined by the Serious and Organised Crime Strategy in the UK, is whether the crime has been cyber-dependent, or cyber-enabled (Furnell, 2020). The former describes crimes that can only be committed by the use of computers, networks, or any other form of ICT (Furnell, 2020). These crimes rely on the existence of digital systems, such as hacking, denial-of-service attacks, or the distribution of malware (Bishop, 2020). The latter is described as traditional crimes being increased by scale through the use of computers, computer networks, or any other forms of ICT (Furnell, 2020). These crimes do not necessarily require the use of digital systems, but digital technology is used to facilitate the commission of the offense (Bishop, 2020). I will apply this categorisation for the acts committed by Uber Eats workers.
It can be argued that the use of a false identity through a technical system to work for a company can be seen as an act of cybercrime. Using a false identity to obtain a certain goal is a crime that is a tale as old as time: a traditional crime. These traditional crimes are addressed in EU Member State law such as Italy, where the use of a false identity for personal gain is sanctioned under Article 494 of the Criminal Code (Bianchi, 2022). Adding to this, The Foreign Nationals Employment Act in the Netherlands requires all employers to verify the identity and employment status of their workers, including self-employed individuals, to ensure that they are legally allowed to work in the Netherlands (Ministerie van Sociale Zaken en Werkgelegenheid, 2021). Any use of false identity by self-employed workers to obtain work or benefits is considered illegal and may result in penalties and other consequences, including fines, imprisonment, and revocation of work permits or business licenses (Ministerie van Sociale Zaken en Werkgelegenheid, 2021). Reflecting on the Uber Eats case, the use of a false identity to work is facilitated by a technological system, through the use of a mobile application. Hence, the traditional crime is facilitated by the use of an ICT tool, a cyber-enabled crime. This is because it involves the manipulation of digital systems and platforms for illegal purposes, including tax evasion, and labour exploitation as was previously stated in the introduction.
The second offence, circumventing the Uber Eats system in order to be paid more in wages, is arguably easier to define as an act of cybercrime. But to come to this conclusion, the act will be explained through Dutch law. Starting with paying wages, where according to article 7:610 of the Dutch Civil Code an employee binds themselves to perform labour, whereas the employer will bind themselves to pay the wage (Dutch Civil Code, 1992). This wage must be paid set under the employment agreement as stated by article 7:618 (Dutch Civil Code, 1992). An individual would commit a criminal offence when they engage in fraudulent activities to gain for personal advantages according to article 326 of the Dutch Criminal Code (1881). Using crafty tricks for personal gain would be a traditional crime, but the technological element of using malicious software to circumvent Uber Eats payment system could potentially make it a cybercrime.
All in all, the abuse of technology may not always constitute a crime, but cybercrime does involve the abuse of technology for negative purposes. Cybercrimes can be categorized based on the role of a computer in the commission of the offence, as well as whether it is cyber-dependent or cyber-enabled. In the case of the Uber Eats riders, using a false identity to work can be considered a cyber-enabled crime, while circumventing the payment system can be considered a cybercrime due to the use of technology to manipulate the digital systems for illegal purposes. Such actions are illegal and can result in fines, imprisonment, and other legal consequences. It is crucial to recognize the impact of technology abuse on society and take appropriate measures to prevent and address cybercrime effectively. Will the proposal for the directive on platform labour be able to address this?
Eu proposal on Digital Platform Labour
Before the EU proposal for a Directive on platform labor is discussed, it is important to note that that digital platform-enabled labour was not recognized as a distinct and well-defined aspect of the economy and the job market from a strictly legal perspective (De Stefano & Aloisi, 2018). Digital platform labor is quite new to the market, and legislators are still figuring out how to address and incorporate all the vital aspects, such as the use of artificial intelligence (AI) systems, within legislation. Furthermore, the unhealthy and unsafe working conditions that have been mentioned, have just recently surfaced (Rengers & Houtekamer, 2022). It is the question whether the proposed directive has been able to pick up on the late trends of digital labor platforms. In what way can the EU proposal for a Directive on platform labor address the dubious acts committed by (ghost) riders of Uber Eats? And are there any obligations for digital labor platforms such as Uber Eats to address and combat these issues occurring within their digital systems? First, the purpose of the proposed Directive is discussed. Second, the objectives of the proposal are explained and determined whether these are considered to be helpful in the pursuit of addressing the cybercrime acts by Uber (ghost) riders. And whether there are any obligations for Uber Eats to address and combat these acts.
Starting with an explanation of the proposal for a Directive, which is a legislative initiative of the EU aiming to improve working conditions and rights for platform workers (European Commission, 2021a). The proposal outlines a series of measures that platforms must adhere to, including providing transparent information on how algorithms and data are used to manage and evaluate workers, obligations for providing relevant information on working conditions and employees to competent national authorities, and ensuring fair remuneration and social protection (Konle-Seidl & Danesi, 2022). The proposal also recognizes the unique nature of platform work and calls for the establishment of social dialogue mechanisms between platforms and workers’ representatives to address concerns and ensure effective enforcement of the measures outlined in the proposed directive (European Commission, 2021a). This is later called for by trade unions as they desire to create rules to ensure fair treatment of workers, including a presumption of employment status with a burden of proof on the employer, criteria to verify employment status for both online and in-person platforms, protection against algorithmic management, and equal rights for platform workers, while emphasizing the need for social dialogue (European Commission, 2021a). At first glance, the proposed directive establishes obligations and rules for digital platform employers whilst making an effort to protect the rights for digital platform workers. Are there any elements that can be used to address the misuse of digital platform systems within the proposed directive?
The proposal mentions algorithmic management as the automated system that labour platforms make use of in order to match the supply and demand for work, and consequently have a noteworthy impact on the working conditions for platform workers (European Commission, 2021a, p 2). Algorithmic management is new to society, and the EU acknowledges that there is insufficient transparency on automated decision-making and monitoring, next to the insufficient resources for citizens to seek effective remedies when certain decisions made through these systems negatively affect them (European Commission, 2021a, p 2). Meanwhile, national authorities do not possess the sufficient data on the available digital labour platforms, or its employees, such as terms and conditions that apply on the worker, employment status of the worker, or even having the approval to work from national authorities (European Commission, 2021a, p 2). Thus, the proposal recognizes the issue that national authorities do not have insight in who is working, and whether they are certified to work. The proposal seeks to promote fairness, transparency, and accountability in algorithmic management for platform workers by introducing new material rights that expand upon existing safeguards for automated decision-making systems in the General Data Protection Regulation (GDPR) and proposing obligations for providers and users of AI systems regarding transparency and human oversight, building on the proposed Artificial Intelligence Act (Otto, 2022). It is then that three objectives are mentioned that would ensure a sustainable growth and healthy working environment for and at digital labour platforms operating in the EU.
The first objective is giving the platform workers the correct employment status in order to enjoy “applicable and social protection rights” (European Commission, 2021a, p 3). When the directive would be enforced, platform workers would be seen as full-fledged workers and would enjoy “guaranteed rest time and paid holidays; at least the national or sectoral minimum wage (where applicable); safety and health protection; unemployment, sickness and health care benefits; maternity, paternity and parental leave; pension rights; benefits relating to accidents at work and occupational diseases” (European Commission, 2021b, p 2). Interestingly enough, the following section within the proposal does mention that “this framework is expected to benefit both the false and the genuine self-employed working through digital labour platforms” (European Commission, 2021a, p 3). However, throughout the proposal it is not explained in what way false or genuine workers are identified, nor can it be found in any other relevant sources. If this passage does apply to the ghost riders of Uber Eats, it does mean that they might enjoy the safety and conditions that the proposal tries to bring forth. It does not however address the dubious acts by riders of Uber Eats or hold Uber Eats accountable in that regard.
The second objective is “to ensure fairness, transparency and accountability in algorithmic management in the platform work context” (European Commission, 2021a, p 3). This is aspired to be achieved by implementing certain material rights for platform workers, such as the right to transparency regarding the use of algorithmic systems by labor platforms, decision-making systems, the establishment for appropriate channels to discuss and review certain decisions made with automated systems and ensuring human monitoring on the impact of automated decision making (European Commission, 2021a, p 3-4). This is supported by Chapter III Article 6 in which Member States are required to ensure that digital labour platforms inform platform workers about the use of automated monitoring systems, the types of actions monitored, supervised, or evaluated, and if outsourced to clients (European Commission, 2021a). This does coincide with the provisions in the GDPR enshrining comprehensive and specific information rights (Otto, 2018). Article 7 requires platforms to monitor and evaluate the impact of automated monitoring and decision-making systems on working conditions, focusing on risks related to the health and safety of employed platform workers and implementing appropriate preventive and protective measures (European Commission, 2021a). It needs to be mentioned that this article lacks details on documenting risk assessment outcomes and notifying relevant parties (Otto, 2018). This however would solely apply to workers who are fully-fledged employees and would not be applicable to other mentioned workers. The objective and accompanied articles in Chapter III do provide for interesting information rights and for human intervention in automated decision making and systems, but it does not provide for any specific safeguards against the abuse of automated and digital systems of digital labour platforms, nor does it state any obligations towards digital labour platforms in ensuring a safe and sustainable digital system in which digital labour workers operate in (European Commission, 2021a).
The third and final objective states “to enhance transparency, traceability and awareness of developments in platform work and improve enforcement of the applicable rules for all people working through platforms, including those operating across borders” (European Commission, 2021a, p 3). This is said to be achieved by introducing concrete measures such as enforcing obligations on digital labor platforms to declare platform labor to competent authorities of the applicable Member States (European Commission, 2021a, p 3). Digital labor platforms need to report on certain activities to competent authorities within the Member State that they operate, but also must grant access to relevant and basic information on their employees, such as the number of employees and their employment status (European Commission, 2021a, chapter IV, art 11 & 12). Although Article 11 and Article 12 in Chapter IV do make sure that relevant information and data is shared with national competent authorities, it does however refer back to the rules and procedures that are laid down in national legislation of Member States (European Commission, 2021a, chapter IV, art 11 & 12).
The dubious acts performed by riders of Uber Eats have the potential to be classified as cybercrimes, but it does not mean that they are by definition cybercrimes due to the high number of classifications: what constitutes a cybercrime? Nevertheless, it can be argued that the acts are forms of technological abuse and occur on digital systems of Uber Eats. Uber Eats does not actively pursue the dubious acts that occur within their systems, nor is there any legal framework that can held Uber Eats accountable for facilitating such dubious acts. In the end, classifying these acts as cybercrimes did not help in identifying an approach within the proposal, but it does provide an insight in the criminal acts that can occur on digital labour platforms such as Uber. The provision and execution of labour has increasingly digitalized and simultaneously has greatly impacted a wide group of workers (Aloisi & Potocka-Sionek, 2022). Such dubious acts that Uber Eats facilitate, do not contribute to a healthy economy and society within the EU. Though not the point of this paper, but it is important to recognize that Uber Eats facilitates an unhealthy and unsafe working environment for workers who are less fortunate, and who are dependent on this type of work that can create fast money with low barriers for entry.
When looking at the first page of the proposal for a Directive on improving working conditions in platform work, one of the objectives of the EU “is the promotion of the well-being of its peoples and sustainable development of Europe based on a highly competitive social market economy, aiming at full employment and social progress” (European Commission, 2021a, p 1). Although the EU commission’s proposal does provide for legal status for platform workers, or the demand for transparency on the use of automated systems and decision making. It does not address the unhealthy economic tendencies that digital labour platforms systems such as Uber facilitate. But most importantly, it does not address any illegal or dubious acts that might occur on digital labour platforms. The proposal does address the challenges that digital labor platforms bring as they can cause “implications for Member States’ industrial relations systems, their tax base and the coverage and sustainability of their social protection systems” (European Commission, 2021a, p 21).
The question is, will such a directive be sufficient to address the issues happening at digital labour platforms when revised? Or should there be a specified approach to different types of digital labour platforms and their automated systems? One thing is for certain, it should not be left to Member States and national legislation. Digital facilitated issues have the characteristic of crossing borders, which in return might be asking for a general EU approach. Overall, the proposal is a positive step towards ensuring that platform workers are treated fairly and have access to positive working conditions. But it does lack the awareness and accuracy on social and economic issues that digital labour platforms potentially bring to the labour market.
 ‘Proposal for a Directive of the European Parliament and of the Council on Improving Working Conditions in Platform Work’ (9 December 2021) 2021/0414 (COD), p 21.
Aloisi, A., & Potocka-Sionek, N. (2022). De-gigging the labour market? An analysis of the “algorithmic management” provisions in the proposed Platform Work Directive. Zenodo (CERN European Organization for Nuclear Research). https://doi.org/10.6092/issn.1561-8048/15027
Bianchi, C. (2022). Italy. In E. McNicholas (Ed.), ICLG – Cybersecurity Laws and Regulations. Global Legal Group. https://iclg.com/practice-areas/cybersecurity-laws-and-regulations/italy
Bishop, P. (2020). Legislative Frameworks: The United Kingdom. In T. J. Holt & A. M. Bossler (Eds.), The Palgrave Handbook of International Cybercrime and Cyberdeviance (pp. 281–304). Palgrave Macmillan, Cham. https://doi.org/10.1007/978-3-319-78440-3_4
Broadhurst, R. (2022). Cybercrime: Thieves, Swindlers, Bandits, and Privateers in Cyberspace. In P. Cornish (Ed.), The Oxford Handbook of Cyber Security (pp. 89–108). Oxford University Press. https://doi.org/10.1093/oxfordhb/9780198800682.013.5
De Stefano, V., & Aloisi, A. (2018). European Legal Framework for “Digital Labour Platforms” (No. JRC112243). European Commission. https://doi.org/10.2760/78590
Dutch Civil Code. (1992). Book 7. Retrieved from http://www.dutchcivillaw.com/civilcodebook077.htm
Dutch Criminal Code. (1881). Retrieved from https://antislaverylaw.ac.uk/wp-content/uploads/2019/08/Netherlands-Criminal-Code.pdf
European Commission. (2021a). Proposal for a Directive of the European Parliament and of the Council on improving working conditions in platform work. COM(2021) 762 final. Retrieved from https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX%3A52021PC0762
European Commission. (2021b). Factsheet: Improving working conditions in platform work. Retrieved from https://ec.europa.eu/social/BlobServlet?docId=24991&langId=en
Furnell, S. (2020). Technology Use, Abuse, and Public Perceptions of Cybercrime. In T. J. Holt & A. M. Bossler (Eds.), The Palgrave Handbook of International Cybercrime and Cyberdeviance (pp. 45–66). Palgrave Macmillan, Cham. https://doi.org/10.1007/978-3-319-78440-3_9
Gebrial, D. (2022). Racial platform capitalism: Empire, migration and the making of Uber in London. Environment and Planning A, 0308518X2211154. https://doi.org/10.1177/0308518×221115439
Konle-Seidl, R., & Danesi, S. (2022). Literature review on digitalisation and changes in the world of work. Policy Department for Economic, Scientific and Quality of Life Policies, European Parliament. Retrieved from https://www.europarl.europa.eu/RegData/etudes/STUD/2022/733986/IPOL_STU(2022)733986_EN.pdf
Ministerie van Sociale Zaken en Werkgelegenheid. (2021, December 30). Work by foreign nationals. Netherlands Labour Authority. https://www.nllabourauthority.nl/topics/work-by-foreign-nationals
Otto, M. (2022). A step towards digital self- & co-determination in the context of algorithmic management systems. Itaian Labour Law E-Journal, 15(1), 51–64. https://doi.org/10.6092/issn.1561-8048/15220
Rengers, M., & Houtekamer, C. (2022a, September 15). Veel fietskoeriers zijn ongedocumenteerd en dus rechteloos. Zo leven de spookrijders van Uber en Deliveroo. NRC. https://www.nrc.nl/nieuws/2022/09/15/de-spookrijders-van-deliveroo-en-uber-eats-a4141976
Rengers, M., & Houtekamer, C. (2022b, September 15). Fietskoeriers Uber en Deliveroo werken zonder papieren. NRC. https://www.nrc.nl/nieuws/2022/09/15/fietskoeriers-uber-en-deliveroo-werken-zonder-papieren-2-a4142077
Sarre, R., Lau, L., & Chang, L. Y. (2018). Responding to cybercrime: current trends. Police Practice and Research, 19(6), 515–518. https://doi.org/10.1080/15614263.2018.1507888