A fresh setback for Glovo. Italy has issued a five-million-euro fine against the company behind the home delivery app after investigators concluded the firm violated the privacy of more than 35,000 riders through its digital platform. The ruling touches on Italian labor laws and European data protection standards, signaling that regulators are intensifying scrutiny of how gig economy firms handle worker data. The decision was handed down by the Italian Data Protection Authority following a lengthy inquiry that examined geolocation practices, data sharing, and the transparency of algorithmic decisions.
After a year-long inquiry, authorities concluded that Foodinho SRL, the Glovo affiliate in Italy, engaged in unduly discriminatory use of riders personal data by tracking their movements even outside shifts and by using a hidden performance scoring system that could influence assignments and pay. The level of surveillance appeared to exceed legitimate business needs, raising questions about proportionality and consent.
Glovo’s Italian subsidiary, founded by Catalan entrepreneur Óscar Pierre, not only tracks riders geolocation constantly but also shares that data with other firms without consent. Investigators noted geolocation data is transmitted even when the rider is not working, the app runs in the background, and until August 2023 even when the app was not active. The scope of data sharing and background transmission went beyond what privacy rules typically allow, prompting regulators to demand changes.
Denying riders’ rights
The investigation found that the platform’s algorithmic system did not comply with the General Data Protection Regulation because it denied riders the right to obtain human intervention, to express their views, and to challenge a decision produced by the system. This denial undermines due process and access to remedy for workers who rely on app-based decisions for work availability, pay, and status.
To remedy the situation, the regulator ordered measures to correct these infringements, including ensuring that decisions made by the algorithm are subject to review by trained human operators. It also prohibited the use of biometric tools like facial recognition to verify the identity of riders. These steps aim to restore transparency and accountability in algorithmic management.
Pioneering investigation
The case owed much to Reversing.Works, a group of technologists who apply reverse-engineering techniques to study digital platforms. Their analysis helped authorities understand how data collection and processing operate at a systems level. They argued that Glovo’s behavior reflects a broader pattern in the surveillance capitalism ecosystem, where app design and data flows are shaped by profit motives rather than rider welfare. Claudio Agosti, the study’s lead strategist, described the findings as indicative of a shared technical architecture across many apps.
Wave of fines
It is not the first time Italy has sanctioned Glovo for privacy lapses and lack of transparency. In July 2021 authorities fined Foodinho 2.6 million euros for similar concerns. Earlier this year the Spanish Data Protection Agency levied 550,000 euros against Glovo for failing to protect employee privacy.
Looking back to 2020, the Spanish Supreme Court ruled that Glovo couriers act as misclassified workers, a decision that opened the door to millions of euros in unpaid wages. The Barcelona Prosecutor’s Office has filed a criminal complaint against the company while the European Commission continues its broader probe into potential cartel behavior by Glovo and its parent in the European online food market.