Description

Issued State Data Protection Inspectorate ruling imposing a fine against Vinted over violations of GDPR

On 3 July 2024, the Lithuanian State Data Protection Inspectorate (SDPI) issued a ruling concerning its investigation into Vinted over violating the General Data Protection Regulation (GDPR) and imposed a fine of EUR 2'385'276. The fine followed complaints from French and Polish authorities regarding the company's handling of the right to erasure and right of access requests. The investigation found Vinted guilty of unlawful, unfair, and non-transparent data processing practices, including “shadow blocking”, which impeded users' ability to exercise their GDPR rights. Furthermore, the SDPI noted Vinted's insufficient technical and organisational measures to ensure accountability. The fine amount considered the cross-border nature of Vinted's operations and the prolonged impact on a large number of data subjects. The decision, coordinated with other EU data protection authorities, can be appealed within a month.

Original source

Scope

Policy Area
Data governance
Policy Instrument
Data protection regulation
Regulated Economic Activity
platform intermediary: e-commerce
Implementation Level
national
Government Branch
executive
Government Body
data protection authority

Complete timeline of this policy change

Hide details
2024-07-03
in force

On 3 July 2024, the Lithuanian State Data Protection Inspectorate (SDPI) issued a ruling concerning…

We use cookies and other technologies to perform analytics on our website. By opting in, you consent to the use by us and our third-party partners of cookies and data gathered from your use of our platform. See our Privacy Policy to learn more about the use of data and your rights.