DPC - C-XX-X-XX Groupon International Limited - December 2020

From GDPRhub
Revision as of 15:04, 10 August 2021 by Cvl (talk | contribs) (→‎Dispute)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
DPC - C-XX-X-XX Groupon International Limited - December 2020
LogoIE.png
Authority: DPC (Ireland)
Jurisdiction: Ireland
Relevant Law: Article 5(1)(c) GDPR
Article 6(1) GDPR
Article 12(2) GDPR
Article 12(6) GDPR
Article 17(1) GDPR
Article 60(2) GDPR
Article 60(3) GDPR
Article 60(4) GDPR
Section 109(2)
Type: Complaint
Outcome: Partly Upheld
Started:
Decided: 16.12.2020
Published:
Fine: None
Parties: Groupon International Limited
National Case Number/Name: C-XX-X-XX Groupon International Limited - December 2020
European Case Law Identifier: n/a
Appeal: Unknown
Original Language(s): English
Original Source: Data Protection Commission (in EN)
Initial Contributor: Cellular

The Irish DPA found that Groupon infringed the principle of data minimisation (Article 5(1)(c) GDPR) by requiring the complainant to verify their identity by submitting a copy of a national ID document when a less data-driven solution to the question of identity verification was available. The DPC also found that Groupon infringed Articles 12(2),17(1)(a) and 6(1) GDPR.

English Summary

Facts

Acting in its capacity as lead supervisory authority, the Irish DPA (DPC) commenced an examination of a complaint originally received by the Polish DPA. The complaint concerned cross-border processing in which the DPC was competent to act as lead SA.

This complaint concerned Groupon’s practice at the time of the complaint of requiring data subjects to verify their identity with an electronic copy of a national identity card. This requirement applied when data subjects made certain requests, including requests for erasure of personal data, but the requirement did not apply when data subjects created a Groupon account.

Holding

The decision found that Groupon infringed the principle of data minimisation in Article 5(1)(c) GDPR by requiring the complainant to verify their identity by submitting a copy of a national ID document in circumstances where a less data-driven solution to the question of identity verification (namely by way of confirmation of email address) was available to Groupon.

The decision also found that Groupon infringed Articles 12(2),17(1)(a) and 6(1) in the circumstances of the complainant’s case.

The decision also reprimanded Groupon in respect of the infringements.

Comment

Share your comments here!

Further Resources

Share blogs or news articles here!

English Machine Translation of the Decision

The decision below is a machine translation of the English original. Please refer to the English original for more details.