Foodinho Srl – €5,000,000 Fine (Italy, 2024)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Food delivery service Foodinho Srl was fined for collecting location data from drivers without their consent and sharing it with third parties. This is important because it shows that businesses must respect user privacy and obtain permission before using personal data. It also highlights the need for transparency in how data is processed.
What happened
Foodinho Srl unlawfully processed the location data of about 35,000 drivers without their knowledge or consent.
Who was affected
Approximately 35,000 drivers using the Foodinho app were affected by the data collection practices.
What the authority found
The Italian Data Protection Authority found that Foodinho Srl violated multiple GDPR articles by failing to obtain consent and properly inform drivers about data processing.
Why this matters
This ruling sets a strong precedent that companies must prioritize user consent and transparency in their data practices. It serves as a warning for other businesses to review their data collection methods.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
The Italian DPA has fined the food delivery service Foodinho Srl EUR 5 million for unlawfully processing the data of approximately 35,000 drivers and for several violations of the GDPR. The DPA's investigation revealed that the company collected drivers' location data without their knowledge or consent—not only during working hours but also when the app was running in the background or inactive. Additionally, the DPA found that the company shared driver data with third parties without a valid legal basis. The investigation also uncovered that automated data processing was used for functions such as the evaluation system and task allocation during shifts, but the company had failed to implement necessary GDPR measures, such as allowing human intervention or enabling drivers to contest decisions made through the automated systems. Furthermore, biometric data, including facial recognition, was used without a valid legal basis. The investigation also revealed that drivers whose accounts were blocked received only standardized messages, with no information provided about their rights to appeal.
Violations (1)
Third-party tracking cookies or scripts are loaded without obtaining prior user consent.
Art. 13, 14 GDPR
Related Enforcement Actions (0)
No other enforcement actions found for Foodinho Srl in IT
This is the only recorded action for this entity in this jurisdiction.
Similar Cases
Enforcement actions with similar violations
Details
Fine Date
13 November 2024
Authority
Garante per la protezione dei dati personali
Fine Amount
€5,000,000
Enforcement Tracker ID
ETid-2531
About this data
Cite as: Cookie Fines. Foodinho Srl - Italy (2024). Retrieved from cookiefines.eu
Last updated: