Abstract

The fast growth of the gig economy in the post-covid era has brought in a structural collision between the logic of operation of digital platforms and the principles of law of data protection. However, gig workers are left in a liminal situation: through every interaction with the digital platform, a gig worker generates a huge amount of data which is not safeguarded effectively by the current legal framework. This paper tries to compare the doctrines of two impactful data protection regimes in the context of gig workers: India’s Digital Personal Data Protection Act 2023 (hereinafter “DPDP Act”) and European Union’s General Data Protection Regulation (Regulation (EU) 2016/679, hereinafter “GDPR”) read along with the Platform Work Directive (Directive (EU) 2024/2831, “PWD”). This analysis focuses on the concept of consent as the basis of data processing and whether the notion of consent, as conceived in both frameworks, is strong enough to safeguard the interests of the workers who are critically dependent on digital platforms for their livelihood. This paper argues that while the EU framework, especially after PWD, has decentralised the mandate of consent in the context of platform work and introduces categorical prohibitions and strong demands for algorithmic transparency in its place, the DPDP Act in India sticks to a formal model of consent which is inadequate in the power-asymmetrical relations of platform labour.

Keywords