Digital labour platforms are recklessly harvesting and sharing personal data in blatant violation of data protection laws. In November 2024, our reverse-engineering work helped trigger a €5 million fine against Glovo, a multinational food delivery platform. Now, backed by a generous grant from the European AI & Society Fund, we’re preparing for an even bigger push.

Reverse-engineering with workers

The Glovo case showed that a single, well-documented technical investigation can lead to real-world consequences for exploitative platforms. None of this would have been possible without the direct participation of workers. Our breakthrough came when riders joined our technical investigation of the Glovo app installed on their phones. The evidence we gathered showed that workers’ locations were being tracked even outside of shifts — and shared with multiple marketing companies.

We’re now pushing this approach further. Our team is shipping a plug-and-play VPN kit that securely routes a worker’s app traffic through our analysis servers. This toolkit dramatically lowers the barrier for workers or their supporters to collect evidence without needing a specialized security lab.

In the coming months, we’ll test these tools with food delivery workers across Europe. We’re also expanding beyond delivery platforms to explore how AI-powered mobile apps and software are being used — and potentially abused — in other sectors of platform work.

Since our work depends on collaboration, we’re working closely with those who support and fight alongside workers — trade unions, worker collectives, and NGOs. Together, we’ll co-design workshops that combine technical walkthroughs with legal strategy sessions. These workshops help us understand what workers need and test how easy our tools are to use.

Holding employers accountable

Our ultimate goal is to hold employers accountable through solid, technical evidence that supports legal action.

That goal became reality when the Italian Data Protection Authority issued a historic decision: a €5 million fine against Glovo and an order to change its practices to comply with the General Data Protection Regulation (GDPR).

We want to replicate this success across Europe by expanding our network of partners in different Member States — especially in places where platform companies exploit legal gray zones or the absence of strong union protections.

We’re also working to share what we learn. We’ll publish an open-source handbook that unions and worker collectives can adapt for their own purposes. It will explain our methodology, outline types of technical analysis, and guide users through potential legal actions. In the short term, this handbook will clarify collaboration with us. In the long term, it will empower others to conduct independent investigations.

We’re delivering this project in partnership with Info.Nodes an Italian non-profit supporting us with grant management and dissemination.

Help write the next chapter

We’re looking for people who want to challenge the power imbalance in the digital workplace. That might be:

  • An individual worker who suspects something is off in your workplace app or software.
  • A worker organiser or union representative wanting to better understand how a company collects and shares worker data.
  • A tech-savvy person interested in applying reverse-engineering skills in service of labour justice.
  • A legal expert looking to use technical evidence to support complaints or litigation with Data Protection Authorities.

If that sounds like you, reach out to us. Tell us a bit about yourself and your ideas — and we’ll be in touch: Let’s build power together!