UOOU - UOOU-00374/20: Difference between revisions
No edit summary |
|||
(3 intermediate revisions by one other user not shown) | |||
Line 50: | Line 50: | ||
}} | }} | ||
The Czech DPA fined a broadcaster | The Czech DPA fined a broadcaster €3800 for not cooperating during an inspection. The controller also violated Article 12(1) and (2) GDPR by providing outdated and incomplete privacy policy on its website. | ||
== English Summary == | == English Summary == | ||
Line 62: | Line 62: | ||
It was further verified that the controller had taken technical and organizational measures within the meaning of Article 32 GDPR and documented it in the privacy policy. The security measures had been regularly updated. | It was further verified that the controller had taken technical and organizational measures within the meaning of Article 32 GDPR and documented it in the privacy policy. The security measures had been regularly updated. | ||
=== Holding === | === Holding === | ||
The inspection revealed a violation of Article 12(1) GDPR and Article 12(2) GDPR, for which a fine was imposed on the controller. The illegal condition was rectified during the inspection. | The inspection revealed a violation of Article 12(1) GDPR and Article 12(2) GDPR, for which a fine was imposed on the controller. The illegal condition was rectified during the inspection. | ||
At the same time, a fine of CZK 100,000 (approx. | At the same time, a fine of CZK 100,000 (approx. €3800) was imposed on the controller for non-cooperation. | ||
== Comment == | == Comment == |
Latest revision as of 10:33, 5 May 2021
UOOU - UOOU-00374/20 | |
---|---|
Authority: | UOOU (Czech Republic) |
Jurisdiction: | Czech Republic |
Relevant Law: | Article 12(1) GDPR Article 12(2) GDPR |
Type: | Investigation |
Outcome: | Violation Found |
Started: | |
Decided: | 29.04.2021 |
Published: | 29.04.2021 |
Fine: | 3800 EUR |
Parties: | n/a |
National Case Number/Name: | UOOU-00374/20 |
European Case Law Identifier: | n/a |
Appeal: | n/a |
Original Language(s): | Czech |
Original Source: | UOOU (in CS) |
Initial Contributor: | n/a |
The Czech DPA fined a broadcaster €3800 for not cooperating during an inspection. The controller also violated Article 12(1) and (2) GDPR by providing outdated and incomplete privacy policy on its website.
English Summary
Facts
The DPA verified GDPR compliance of a controller, a television broadcaster, in connection with the use of cookies in the operation of multimedia websites.
The operator of the website declared the use of cookies to set the username or language and for analytical purposes.
The inspection revealed that the controller fulfilled the information obligation towards the data subject by publishing its privacy policy on the website. However, the user was not notified about its update. Until 25 May 2020, the information was not provided in an easily accessible manner, as it was necessary to search for it. In addition, the information was incomplete and outdated (especially references to legislation).
It was further verified that the controller had taken technical and organizational measures within the meaning of Article 32 GDPR and documented it in the privacy policy. The security measures had been regularly updated.
Holding
The inspection revealed a violation of Article 12(1) GDPR and Article 12(2) GDPR, for which a fine was imposed on the controller. The illegal condition was rectified during the inspection.
At the same time, a fine of CZK 100,000 (approx. €3800) was imposed on the controller for non-cooperation.
Comment
Share your comments here!
Further Resources
Share blogs or news articles here!
English Machine Translation of the Decision
The decision below is a machine translation of the Czech original. Please refer to the Czech original for more details.
Control of the use of cookies (UOOU-00374/20) Media content provider The subject of control on the basis of the control plan for 2020 was compliance with the obligations of the personal data controller in processing personal data of users in connection with the use of cookies in the operation of multimedia websites (television broadcaster), Articles 11-19 of the General Regulation and to the extent of the corresponding obligations pursuant to Article 5 of the General Regulation, including the use of cookies in the operation of the website. The administrator providing the operation of the website declared the use of cookies during normal browsing of the site and after deleting the site / browser should delete them automatically, to set the username or language so that the visitor does not have to enter data at each visit, and analytical purposes, ie finding aggregate information on the total number of visitors to the server, length of visit, etc. The inspection revealed that the inspected person fulfilled the information obligation towards the data subject by processing the document Principles of protection of personal and other processed data, which was stored in the Contacts tab on the website, but the user / visitor was not notified and until they were updated. (25 May 2020), the information pursuant to Article 12 of the General Regulation was not provided in an easily accessible manner, as it was necessary to search for it. In addition, the information was incomplete, some data were not up-to-date (especially references to legislation). The inspection revealed a violation of Article 12, Paragraphs 1 and 2 of the General Regulation, whereby the inspected person committed an offense pursuant to Section 62, Paragraph 1, Letter c) of Act No. 110/2019 Coll., on the processing of personal data, for which a fine was imposed on her; the inspected person rectified the illegal condition during the inspection. At the same time, a fine of CZK 100,000 was imposed on her for non-cooperation. It was further verified that the inspected person had taken technical and organizational measures within the meaning of Article 32 of the General Regulation, which it documented in the Principles of Personal and Other Processed Data Protection, which apply, inter alia, to cookie processing and other internal measures. The security measures taken have been regularly updated.