Foodinho s.r.l. – €2,600,000 Fine (Italy, 2021)

€2,600,000Garante per la protezione dei dati personali10 June 2021Italy
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Foodinho, an Italian food delivery service, was fined for mishandling drivers' data. The company failed to inform drivers about how their data was used and stored it longer than necessary. This highlights the need for transparency and proper data management in businesses using automated systems.

What happened

Foodinho was fined for not informing drivers about data processing and for storing data longer than needed.

Who was affected

Drivers working for Foodinho, whose data was processed and stored by the company.

What the authority found

The Italian DPA fined Foodinho for failing to inform drivers about data processing and for violating data minimization and storage limitation principles.

Why this matters

This case illustrates the importance of transparency and data management in automated systems. Companies should ensure they inform employees about data use and limit data storage to necessary periods.

GDPR Articles Cited

AI-verified

Art. 13 GDPR
Art. 25 GDPR
Art. 32 GDPR
Art. 35 GDPR
Art. 5(1)(a) GDPR
Art. 22(3) GDPR
Art. 30(1)(a) GDPR
Art. 37(7) GDPR
View original scraped data
Art. 5(1)(a) GDPR
c)
e) GDPR
Art. 13 GDPR
Art. 22(3) GDPR
Art. 25 GDPR
Art. 30(1)(a) GDPR
b)
f)
g) GDPR
Art. 32 GDPR
Art. 35 GDPR
Art. 37(7) GDPR

Original data from scraper before AI verification against source document.

Source verified 5 March 2026
verified correct
Italy enforcementGarante per la protezione dei dati personali actionsAll Foodinho s.r.l. actions
Full Legal Summary
Detailed

The Italian DPA (Garante) has fined Foodinho s.r.l. EUR 2,600,000. Foodinho is an Italian food delivery service. The investigation against Foodinho mainly focused on the drivers of Foodinho. In the process, the DPA found some serious violations of applicable data protection regulations. Thus, the DPA identified some irregularities concerning the algorithms of the Foodinho system. In particular, the DPA found that the controller had not adequately informed employees about how the system worked and did not guarantee the accuracy and correctness of the results of the algorithms used to evaluate drivers. Furthermore, the DPA found violations of the principles of data minimization as well as memory limitation. For example, the systems processed drivers' data to an extent that exceeded the purpose of the processing and, in some cases, stored the data significantly longer than necessary. In addition, the controller had not taken sufficient technical and organizational measures to ensure secure data processing. The controller had also not conducted a data protection impact assessment, although this would have been necessary due to the considerable amount of data of different types relating to a significant number of data subjects. Separate proceedings are being conducted against the parent company GlovoApp23 by the Spanish DPA (AEPD).

Related Enforcement Actions (0)

No other enforcement actions found for Foodinho s.r.l. in IT

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

10 June 2021

Authority

Garante per la protezione dei dati personali

Fine Amount

€2,600,000

Enforcement Tracker ID

ETid-743

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Foodinho s.r.l. - Italy (2021). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: