UOOU - UOOU-00374/20

Authority: UOOU (Czech Republic)
Jurisdiction: Czech Republic
Relevant Law: Article 12(1) GDPR
Article 12(2) GDPR
Type: Investigation
Outcome: Violation Found
Started:
Decided: 29.04.2021
Published: 29.04.2021
Fine: 3800 EUR
Parties: n/a
National Case Number/Name: UOOU-00374/20
European Case Law Identifier: n/a
Appeal: n/a
Original Language(s): Czech
Original Source: UOOU (in CS)
Initial Contributor: n/a

The Czech DPA fined a broadcaster €3800 for not cooperating during an inspection. The controller also violated Article 12(1) and (2) GDPR by providing an outdated and incomplete privacy policy on its website.

English Summary

Facts

The DPA verified GDPR compliance of a controller, a television broadcaster, in connection with the use of cookies in the operation of multimedia websites.

The operator of the website declared the use of cookies to set the username or language and for analytical purposes.

The inspection revealed that the controller fulfilled the information obligation towards the data subject by publishing its privacy policy on the website. However, the user was not notified about its update. Until 25 May 2020, the information was not provided in an easily accessible manner, as it was necessary to search for it. In addition, the information was incomplete and outdated (especially references to legislation).

It was further verified that the controller had taken technical and organizational measures within the meaning of Article 32 GDPR and documented them in the privacy policy. The security measures had been regularly updated.

Holding

The inspection revealed a violation of Article 12(1) GDPR and Article 12(2) GDPR, for which a fine was imposed on the controller. The illegal condition was rectified during the inspection.

At the same time, a fine of CZK 100,000 (approx. €3800) was imposed on the controller for non-cooperation.

English Machine Translation of the Decision

The decision below is a machine translation of the Czech original. Please refer to the Czech original for more details.

Control of the use of cookies (UOOU-00374/20)
Media content provider
 
 
The subject of control on the basis of the control plan for 2020 was compliance with the obligations of the personal data controller in processing personal data of users in connection with the use of cookies in the operation of multimedia websites (television broadcaster), Articles 11-19 of the General Regulation and to the extent of the corresponding obligations pursuant to Article 5 of the General Regulation, including the use of cookies in the operation of the website.

The administrator operating the website declared that cookies are used during normal browsing of the site and that, after deleting the site / browser, they should be deleted automatically; that they are used to set the username or language so that the visitor does not have to enter data at each visit; and that they are used for analytical purposes, i.e. finding aggregate information on the total number of visitors to the server, length of visit, etc.

The inspection revealed that the inspected person fulfilled the information obligation towards the data subject by processing the document Principles of protection of personal and other processed data, which was stored in the Contacts tab on the website, but the user / visitor was not notified, and until they were updated (25 May 2020), the information pursuant to Article 12 of the General Regulation was not provided in an easily accessible manner, as it was necessary to search for it. In addition, the information was incomplete and some data were not up-to-date (especially references to legislation).

The inspection revealed a violation of Article 12, Paragraphs 1 and 2 of the General Regulation, whereby the inspected person committed an offense pursuant to Section 62, Paragraph 1, Letter c) of Act No. 110/2019 Coll., on the processing of personal data, for which a fine was imposed on it; the inspected person rectified the illegal condition during the inspection.

At the same time, a fine of CZK 100,000 was imposed on it for non-cooperation.

It was further verified that the inspected person had taken technical and organizational measures within the meaning of Article 32 of the General Regulation, which it documented in the Principles of Personal and Other Processed Data Protection, which apply, inter alia, to cookie processing and other internal measures. The security measures taken have been regularly updated.