Privacy Blog
The Finnish Supervisory Authority (SA) Fines Online Retailer Company € 856,000 for Failing to Define Storage Period of Customer Data
Kişisel Verilerin Korunması Hukuku, Data Protection Law
On May 8, 2024, the European Data Protection Board ("EDPB") published on its official website the news that the Finnish Supervisory Authority ("The Finish SA") investigated the activities of online retailer Verkkokauppa.com, which requires customer account before online shopping.
According to the announcement;
- The controller did not indicate the retention period of the data collected for the customer accounts of its online store.
- The Finnish SA found that the data of customer accounts was stored permanently.
- According to the controller, the customers determined the retention period of their data, as they could request the closure of their accounts and deletion of their data if they desired. Therefore, details of individual purchases were stored for very long periods of time.
- In addition, the controller's practice of requiring the setting up of a customer account to make online purchases violated data protection law.
As a result;
- The Finnish SA imposed an administrative fine of €856,000 on the controller for failing to define the retention period for customer account data.
- The controller was ordered to set an appropriate retention period for customer account data and to correct the practice of mandatory registration.
- The company was also given a reprimand for practices in violation of data protection law.
You can reach further information here.
You can reacher to the Finnish SA’s press release here.
Kind regards,
Zumbul Attorneys at Law