摘要: 2017年7月Glovo-Foodinho公司被罚案在平台经济发展中具有重要里程碑意义。本案核心在于平台作为数据控制者，在处理骑手个人数据时未能满足条例在数据基本处理原则、限期存储及自动化决策等方面的严格要求。具体违规行为包括：信息告知书缺乏对地理位置数据收集方式及算法评分系统的具体说明，违反透明原则；未履行充分告知义务，违反公平原则；未区分数据类型与使用目的设置差异化存储期限，违反限期存储原则。此外，平台未进行数据保护影响评估，且其通过算法对骑手工作分配与评分实施自动化决策的行为缺乏透明度与人工干预机制。本案中监管机构通过援引国内劳动法规范，将条例第88条关于“雇佣语境下数据处理”的规定与劳动法衔接，强化了对平台用工场景中劳动者数据权益的保障。研究此案对我国平台经济的算法管理具有重要意义，在平台经济蓬勃发展的背景下，有必要在《个人信息保护法》框架下细化算法透明度要求，推动数据保护与劳动法、人工智能治理等领域的协同监管，并通过完善个人信息保护影响评估制度，提升平台企业在数据处理活动中的合规水平。

Abstract: The July 2017 fine case against Glovo-Foodinho holds significant milestone significance in the development of the platform economy. The core of this case lies in the plat-form’s failure, as a data controller, to comply with the stringent requirements of the General Data Protection Regulation (GDPR) regarding fundamental data processing principles, storage limitation, and automated decision-making when handling riders’ personal data. Specific violations include: the information notice lacking detailed explanations on how geographic location data is collected and the algorithmic scoring system, violating the principle of transparency; failure to fully inform, violating the principle of fairness; and not setting differentiated storage periods based on data type and purpose, violating the principle of storage limitation. In addition, the platform did not conduct a data protection impact assessment, and its automation of decision-making regarding rider job allocation and scoring through algorithms lacked both transparency and human intervention mechanisms. In this case, the regulatory agency invoked domestic labor regulations, linking Article 88 of the regulation on “data processing in the employment context” with labor law, thereby strengthening the protection of workers' data rights in platform employment scenarios. Studying this case is of great significance for algorithmic management in China's platform economy. Under the background of the burgeoning platform economy, it is necessary to refine algorithm transparency requirements within the framework of the Personal Information Protection Law, promote coordinated regulation across data protection, labor law, and artificial intelligence governance, and enhance compliance levels of platform enterprises in data processing activities through improving the personal information protection impact assessment system.