Summary Final Decision Art 60
Complaint
Infringement of the GDPR
Background information
Date of final decision: 8 November 2019
LSA: LV
CSAs: All SAs
Legal Reference: Transparency (Article 12), Information (Articles 13 and 14)
Decision: Infringement of the GDPR, Fine
Key words: Transparency, Information, E-commerce, Identity of the controller
Summary of the Decision
Origin of the case
The complainant alleged that he did not receive information on the identity of the controller before submitting his order on the online retail platform. Moreover, the complainant contended that the privacy policy available on the website was not in conformity with the GDPR.
Findings
During its investigation, the LSA found that the controller was a Latvian company performing retails sales through several websites, including the one used by the complainant to order his goods.
After establishing the identity of the controller, the LSA found that the privacy policy on the website did not provide information on the identity of the controller, the legal basis of the data processing, its purposes and the way data subjects’ consent is collected.
Decision
The LSA found that the controller did not comply with his obligations under the GDPR and imposed a fine of 150,000 euros.
—
This text has been converted automatically from the PDF available via
https://edpb.europa.eu/our-work-tools/consistency-findings/register-for-article-60-final-decisions_en
using Apache Tika to allow for a better search. This might result in some characters being mangled.
Please see the original file for the official wording at
https://edpb.europa.eu/sites/edpb/files/article-60-final-decisions/summary/publishable_lv_2020-01_transparency_and_information_summarypublic.pdf
Please see also EDPB Copyright page