ICO - Monetary Penalty on Ticketmaster UK Limited

From GDPRhub
Revision as of 15:07, 15 November 2020 by Marita (talk | contribs) (Created page with "{{DPAdecisionBOX |Jurisdiction=United Kingdom |DPA-BG-Color=background-color:#023868; |DPAlogo=LogoUK.png |DPA_Abbrevation=ICO |DPA_With_Country=ICO (UK) |Case_Number_Name=M...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
ICO - Monetary Penalty on Ticketmaster UK Limited
LogoUK.png
Authority: ICO (UK)
Jurisdiction: United Kingdom
Relevant Law: Article 4(2) GDPR
Article 5(1)(f) GDPR
Article 5(2) GDPR
Article 32(1)(d) GDPR
DPA 3 (4)
Type: Investigation
Outcome: Violation Found
Started:
Decided: 13.11.2020
Published: 13.11.2020
Fine: 1250000 GBP
Parties: Ticketmaster UK Limited
National Case Number/Name: Monetary Penalty on Ticketmaster UK Limited
European Case Law Identifier: n/a
Appeal: n/a
Original Language(s): English
Original Source: The ICO (in EN)
Initial Contributor: Mariam Tabatadze

The information Commissioner ’s Office imposed a fine of £1.25million on Ticketmaster UK Limited for failing to protect its customers’ personal data, breaching GDPR.

English Summary

Facts

Ticketmaster is a company selling tickets online of events around the world. By its activities, which includes collecting, storing and using the personal data of its individual consumers, for the purpose of online selling, the company is a controller in respect of personal data of its customers, within the meaning of the Article 4(2; 7) GDPR. The costumer companies of Ticketmaster started reporting fraudulent transactions in February 2018. The Commonwealth Bank of Australia, Monzo Bank, Barclaycard, Mastercard and American Express all reported suggestions of fraud to Ticketmaster. But the company failed to identify the problem and in total, it took Ticketmaster nine weeks from being alerted to possible fraud to monitoring the network traffic through its online payment page. 9.4 million EEA data subjects were notified as having been potentially affected by the Personal Data Breach, of whom 1.5 million data subjects originated in the United Kingdom. Ticketmaster has received approximately 997 complaints alleging financial loss and/or emotional distress. Dispute Ticketmaster initially notified the Commissioner of the Attack on 23 June 2018 by an email of 23: 14 attaching a formal personal data breach notification. In response, the Commissioner commenced an investigation into the incident. That investigation included various exchanges with Ticketmaster and considering detailed submissions and evidence.


Dispute

The ICO has to determine if the company failed to put appropriate security measures in place to prevent a cyber-attack on a chat-bot installed on its online payment page.

Holding

K

Comment

Share your comments here!

Further Resources

Share blogs or news articles here!

English Machine Translation of the Decision

The decision below is a machine translation of the English original. Please refer to the English original for more details.