ANSPDCP (Romania) - Fine against Urban Home Development S.R.L.: Difference between revisions
(Created page with "{{DPAdecisionBOX |Jurisdiction=Romania |DPA-BG-Color=background-color:#ffffff; |DPAlogo=LogoRO.jpg |DPA_Abbrevation=ANSPDCP |DPA_With_Country=ANSPDCP (Romania) |Case_Number_Name=Fine against Urban Home Development S.R.L. |ECLI= |Original_Source_Name_1=ANSPDCP |Original_Source_Link_1=https://www.dataprotection.ro/?page=Comunicat_Presa_27_05_2024&lang=ro |Original_Source_Language_1=Romanian |Original_Source_Language__Code_1=RO |Original_Source_Name_2= |Original_Source_L...") |
No edit summary |
||
| Line 73: | Line 73: | ||
First, [[Article 13 GDPR#1a|Article 13(1)(a) GDPR]] establishes that when the controller collects personal data from the data subject, it must inform the data subject of the identity and contact details of the controller. In the present case, the DPA discovered that the controller did not display the name and identity of the controller. Therefore, the DPA found a breach of [[Article 13 GDPR#1a|Article 13(1)(a) GDPR]]. | First, [[Article 13 GDPR#1a|Article 13(1)(a) GDPR]] establishes that when the controller collects personal data from the data subject, it must inform the data subject of the identity and contact details of the controller. In the present case, the DPA discovered that the controller did not display the name and identity of the controller. Therefore, the DPA found a breach of [[Article 13 GDPR#1a|Article 13(1)(a) GDPR]]. | ||
Second, Article 4(5) of the | Second, [https://legislatie.just.ro/Public/DetaliiDocument/56973 Article 4(5) of the Legea nr. 506/2004 ('Law 506/2004')], storing or obtaining access to information stored on a user’s terminal equipment is only permitted if the user has been provided with clear and complete information before giving consent. The DPA considered that the controller installed cookies on the data subject’s device before the latter gave consent. Therefore, the DPA found a breach of [https://legislatie.just.ro/Public/DetaliiDocument/56973 Article 4(5) of Law 506/2004]. | ||
The DPA therefore issued a €2,010 (RON 10,000) fine against the controller. The DPA also ordered the controller to complete its privacy policy with the necessary information provided for in [[Article 13 GDPR#1a|Article 13(1)(a) GDPR]] and reconfigure the way cookies are installed on the users’ devices in order to comply with Article 4(5) Law 506/2004. | The DPA therefore issued a €2,010 (RON 10,000) fine against the controller. The DPA also ordered the controller to complete its privacy policy with the necessary information provided for in [[Article 13 GDPR#1a|Article 13(1)(a) GDPR]] and reconfigure the way cookies are installed on the users’ devices in order to comply with [https://legislatie.just.ro/Public/DetaliiDocument/56973 Article 4(5) Law 506/2004]. | ||
== Comment == | == Comment == | ||
[https://legislatie.just.ro/Public/DetaliiDocument/56973 Legea nr. 506/2004] is a national Romanian law which implements the [https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:02002L0058-20091219 ePrivacy directive] into national law. | |||
== Further Resources == | == Further Resources == | ||
Latest revision as of 12:47, 3 June 2024
| ANSPDCP - Fine against Urban Home Development S.R.L. | |
|---|---|
 | |
| Authority: | ANSPDCP (Romania) |
| Jurisdiction: | Romania |
| Relevant Law: | Article 13(1)(a) GDPR Article 4(5) Legea nr. 506/2004 |
| Type: | Investigation |
| Outcome: | Violation Found |
| Started: | |
| Decided: | |
| Published: | 27.05.2024 |
| Fine: | n/a |
| Parties: | Urban Home Development S.R.L. |
| National Case Number/Name: | Fine against Urban Home Development S.R.L. |
| European Case Law Identifier: | n/a |
| Appeal: | n/a |
| Original Language(s): | Romanian |
| Original Source: | ANSPDCP (in RO) |
| Initial Contributor: | nzm |
The DPA issued a €2,010 (RON 10,000) against a controller for not displaying its name and identity on its website and for installing cookies which were not technically necessary for the functioning of the website before the data subject gave consent.
English Summary
Facts
The controller did not display the name and identity of the controller responsible for processing the personal data on its website. Cookies, which were not technically necessary for the functioning of the website, were also installed on the data subjects’ device before they could give consent.
Holding
First, Article 13(1)(a) GDPR establishes that when the controller collects personal data from the data subject, it must inform the data subject of the identity and contact details of the controller. In the present case, the DPA discovered that the controller did not display the name and identity of the controller. Therefore, the DPA found a breach of Article 13(1)(a) GDPR.
Second, Article 4(5) of the Legea nr. 506/2004 ('Law 506/2004'), storing or obtaining access to information stored on a user’s terminal equipment is only permitted if the user has been provided with clear and complete information before giving consent. The DPA considered that the controller installed cookies on the data subject’s device before the latter gave consent. Therefore, the DPA found a breach of Article 4(5) of Law 506/2004.
The DPA therefore issued a €2,010 (RON 10,000) fine against the controller. The DPA also ordered the controller to complete its privacy policy with the necessary information provided for in Article 13(1)(a) GDPR and reconfigure the way cookies are installed on the users’ devices in order to comply with Article 4(5) Law 506/2004.
Comment
Legea nr. 506/2004 is a national Romanian law which implements the ePrivacy directive into national law.
Further Resources
Share blogs or news articles here!
English Machine Translation of the Decision
The decision below is a machine translation of the Romanian original. Please refer to the Romanian original for more details.
27.05.2024 Another fine for GDPR violation The National Supervisory Authority completed an investigation at the company Urban Home Development S.R.L. and found that it violated the provisions of art. 13 para. (1) lit. a) from Regulation (EU) 2016/679 (RGPD) and of art. 4 para. (5) lit. a) from Law no. 506/2004 on the processing of personal data and the protection of private life in the electronic communications sector. The operator was penalized with a fine of 10,000 lei, for violating the provisions of art. 4 para. (5) lit. a) from Law no. 506/2004 and with a warning for violating the provisions of art. 13 para. (1) lit. a) GDPR. The investigation was carried out as a result of a notification that signaled a possible violation of the legal provisions regarding the processing of personal data, as the operator's website did not display the information regarding the rights of the persons concerned according to the RGPD, nor the information regarding the use of cookies. During the investigation, the National Supervisory Authority noted that the operator URBAN HOME DEVELOPMENT S.R.L. violated the provisions of art. 13 para. (1) lit. a) from the RGPD as it does not display on its website information regarding the name/identity of the operator responsible for the processing of personal data. It was also found that by accessing the website managed by URBAN HOME DEVELOPMENT S.R.L., cookie modules were installed on the user's device before the consent was granted and which were not technically necessary for the operation of the website. Thus, the operator stored cookie module type information in violation of the provisions of art. 4 para. (5) lit. a) from Law no. 506/2004. At the same time, the following corrective measures were ordered against the operator: to complete the privacy policy on the website with the necessary information provided by art. 13 para. (1) lit. a) from GDPR; to reconfigure the way of installing cookies modules on the devices of website users. Legal and Communication Department A.N.S.P.D.C.P.
