Post-GDPR, Deliveroo Probed Over Data Security

Post-GDPR, Deliveroo Probed For Data Security Lapse, Fraudulent Orders

The General Data Protection Regulation (GDPR), which went into effect May of 2018, has had some serious repercussions on tech companies all over Europe, but especially in the U.K.

The latest company to be affected may be food delivery app Deliveroo, according to a report in the Financial Times. The U.K. data protection watchdog is looking into the company after it reported “limited fraudulent activity” on some customers’ accounts.

Some customers complained that they’d been charged for orders they didn’t make, including one case in particular worth almost £1,000.

This is not the first time that Deliveroo has dealt with this issue, either. In 2016, customers took to social media to complain about a similar thing.

The Information Commissioner’s Office (ICO) said it was contacted by Deliveroo and was looking into it.

“The activity reported arises from customers using the same usernames and passwords on multiple online accounts and those details being involved in a data breach on another platform, not on Deliveroo,” a Deliveroo spokesperson said. “As soon as any customer makes us aware of fraudulent activity we immediately suspend their account to prevent further fraud. Deliveroo takes this issue extremely seriously and is constantly working to combat fraud on behalf of our users.”

Last week on Twitter, one customer said, “You still haven’t replied to any communications so how is that going to put me at ease? You have allowed nearly £1k of fraudulent transactions on my card. Fix it.”

Deliveroo replied to the comment and the money was refunded later the same day.

The GDPR has had a serious effect on tech companies, and one report found that some of the world’s biggest tech companies aren’t being compliant. In fact, of 14 major tech companies, a third had privacy clauses that were “potentially problematic” or contained “insufficient information.”

Another study found that only 29 percent of EU firms are GDPR compliant in the first place, and between May 25 and July 3 of 2018, there were 6,281 potentially GDPR-related complaints filed with the Information Commissioner’s Office.


Latest Insights: 

Our data and analytics team has developed a number of creative methodologies and frameworks that measure and benchmark the innovation that’s reshaping the payments and commerce ecosystem. The July 2019 Pay Advances: The Gig Economy’s New Normal, a PYMNTS and Mastercard collaboration, examines pay advances – full or partial payments received before an ad hoc job is completed – including how gig workers currently use them and their potential for future adoption.


To Top