Vinted receives GDPR fine of 2.4 million euros
- July 3, 2024
- 0
Vinted, the operator of the online platform for second-hand clothing, receives a fine of 2.4 million euros for violating GDPR rules. The investigation, which began in 2021, was
Vinted, the operator of the online platform for second-hand clothing, receives a fine of 2.4 million euros for violating GDPR rules.
The investigation, which began in 2021, was conducted in response to user complaints about Vinted’s processing of data deletion and access requests. The State Data Protection Inspectorate (SDPI) found that Vinted did not provide users with sufficient reasons why their data was not deleted, as required under Article 17 of the GDPR. In addition, the company withheld certain information about further data processing, which violates the GDPR’s transparency requirements.
In addition, the investigation found that Vinted applied “shadow blocking,” which means that users who may violate platform rules are unknowingly blocked. This practice violates the principles of fairness and transparency as set out in the GDPR and hinders users in their right to data protection.
The result is a fine of 2.4 million euros for violating the GDPR rules.
Measures and responsibility
The SDPI also found that Vinted had not implemented sufficient technical and organizational measures to meet the GDPR’s accountability requirements. The company could not demonstrate that it had taken or denied appropriate action in response to users’ requests for access to their data.
In setting the fine, the SDPI took into account the guidelines of the European Data Protection Board (EDPB) of May 2023. Factors such as the cross-border nature of Vinted’s data processing, the large number of data subjects and the long duration of the violations played a role in determining the amount of the fine.
The matter was discussed in a closed session with representatives of SDPI and Vinted. The decision was coordinated with the supervisory authorities of other EU member states, including Germany, France, Poland, the Netherlands and Spain, in accordance with the GDPR’s “one-stop-shop” principle.
According to Lithuanian legislation on administrative proceedings, Vinted has the opportunity to appeal the decision to the Administrative Court of the Regions within one month.
Source: IT Daily
As an experienced journalist and author, Mary has been reporting on the latest news and trends for over 5 years. With a passion for uncovering the stories behind the headlines, Mary has earned a reputation as a trusted voice in the world of journalism. Her writing style is insightful, engaging and thought-provoking, as she takes a deep dive into the most pressing issues of our time.
