Glovo, the food delivery platform, has been penalized following an investigation by the President of the Office for Personal Data Protection in Poland for its handling of user data through its mobile application. This investigation focused on the platform's practice of requesting scans or photographs of identity documents from users suspected of fraudulent activities, such as attempted theft of orders, use of counterfeit money, or discrepancies between payment card information and user data. These additional identity verifications raised concerns regarding the platform's compliance with GDPR regulations.

Regulators found that Glovo's defenses, citing Article 6(1)(f) of the GDPR, which allows processing of personal data for legitimate interests, were not sufficient to justify such practices. The company argued that these requests were rare and necessary for verifying identities in potential fraud cases. Despite this, the regulatory authority emphasized that the processing of sensitive personal data should be executed with utmost caution, ensuring the protection of user privacy and compliance with legal standards regarding data handling.

This case serves as a significant reminder for companies operating within the EU, highlighting the strict enforcement of GDPR regulations regarding personal data processing. The decision underlines the importance of protecting user privacy and sets a precedent for other digital platforms that might employ similar verification methods, necessitating a thorough reevaluation of their data handling practices to avoid similar penalties in the future.