It is likely that the docker group inside the image does not have the same group id as the host. Check the group id of docker inside the container:

$ getent group docker | cut -d: -f3

When you use group_add: docker it looks up the docker group inside the container, so your user won't have the right permissions. Since you are mounting the docker.sock file, it will use the host permissions (including ids), so you need to provide the correct id.

I have not got this to work in my environment in a workable fashion and resorted to a shell script instead of docker-compose since it worked in my use case and I am not using the extra functionality docker-compose provides.

#!/bin/bash

DOCKER_GROUP=$(getent group docker | cut -d: -f3)
docker run \
    -v /var/run/docker.sock:/var/run/docker.sock \
    --group-add $DOCKER_GROUP \
    workers/data-handler:1.0.2