GlovoApp23 SA – €15,000 Fine (Spain, 2024)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
GlovoApp23 SA was fined for not providing a delivery driver with a recording of a conversation he requested under data protection laws. The Spanish data authority found that the company failed to properly respond to the driver's request for access to his personal data. This case emphasizes the importance of responding to access requests correctly and promptly.
What happened
GlovoApp23 SA refused to provide a delivery driver with a recording of a conversation after he requested it under GDPR.
Who was affected
A Polish delivery driver who sought access to a recording of his conversation with Glovo's assistance service.
What the authority found
The Spanish DPA ruled that GlovoApp23 SA did not adequately respond to the driver's access request, leading to the fine.
Why this matters
This case serves as a reminder for companies to have clear procedures for handling access requests. Failing to do so can result in fines and damage to reputation.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
The data subject, a Polish delivery driver, after facing some issues with a delivery, contacted the deliverers’ assistance service and had a conversation with an employee. Since the data subject wanted to use this conversation to initiated legal proceedings against the controller, they asked the assistance service to provide them with the recording of the conversation. The controller refused to provide this recording. After that, the data subject sent the controller, through the deliverers’ assistance service portal, an access request under Article 15 GDPR. The controller reiterated that it cannot provide the recording and did not act further on the access request. Therefore, the data subject filed a complaint with the Polish DPA. Since the main establishment of the controller is in Spain, the Polish DPA forwarded the complaint to the Spanish one pursuant to Article 56 and 60 GDPR. The controller argued that the access request was not sent through the dedicated email address, but through the messaging system dedicated to deliverers’ issues. Moreover, it argued that it had not been aware of this access request until the DPA forwarded the request to it. Furthermore, it noted that it had internal policies instructing all employees to escalate GDPR requests to the DPO office and that, in the case at hand, the delay was caused by the fact that only one employee had not complied with these policies. Finally, it pointed out that the data subject did not initiate the legal proceeding they threatened to begin in their first message to the controller. First, the DPA rejected the controller’s argument regarding the fact that the data subject did not use the dedicated email address for access requests. It pointed out that the data subject had sent his access request through a portal which was acknowledged by the controller as suitable for the submission of deliverers’ requests. According to the DPA, if the person receiving the message was not able to deal with GDPR issues,
Related Enforcement Actions (0)
No other enforcement actions found for GlovoApp23 SA in ES
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
9 July 2024
Authority
Agencia Española de Protección de Datos
Fine Amount
€15,000
GDPRhub ID
gdprhub-8252About this data
Cite as: Cookie Fines. GlovoApp23 SA - Spain (2024). Retrieved from cookiefines.eu
Last updated: