Posti Jakelu Oy – €2,400,000 Fine (Finland, 2024)

€2,400,000DPA Tietosuojavaltuutetu13 November 2024Finland
final
Fine

Posti Jakelu Oy was fined for using pre-ticked boxes and misleading messages in its email service. This meant users unknowingly agreed to receive emails, which is a big deal because it violates privacy rules. Businesses need to ensure that consent is clear and not tricking users into agreeing.

What happened

Posti Jakelu's electronic mailbox service used pre-ticked boxes and misleading messaging, leading to users unknowingly consenting to electronic mail delivery.

Who was affected

Users of Posti Jakelu's electronic mailbox service who were misled into giving consent.

What the authority found

The Data Protection Authority found that Posti Jakelu violated GDPR rules by not obtaining valid consent from users.

Why this matters

This case highlights the importance of clear consent mechanisms for businesses. Companies must ensure that users are fully informed and not misled when agreeing to services.

GDPR Articles Cited

AI-verified

Art. 5(1)(a) GDPR
Art. 6(1)(b) GDPR
Art. 12(1) GDPR
Art. 13(1)(c) GDPR
Art. 25(1) GDPR
View original scraped data
Art. 5(1)(a) GDPR
Art. 6(1)(b) GDPR
Art. 12(1) GDPR
Art. 13(1)(c) GDPR
Art. 25(1) GDPR

Original data from scraper before AI verification against source document.

Source verified 10 March 2026
scope corrected
Finland enforcementDPA Tietosuojavaltuutetu actionsAll Posti Jakelu Oy actions
Full Legal Summary
Detailed

The Finnish DPA imposed a fine of EUR 2.4 million on Posti Jakelu Oy following an investigation. It was found that Posti had automatically set up an electronic mailbox for customers without their explicit consent. This mailbox was connected to other services, and customers were unable to choose whether to use it, as the services were bundled together in a single contract. Canceling the mailbox would also have resulted in the termination of the other services. The DPA determined that the requested service could have been offered without the automatic creation of the electronic mailbox. Furthermore, Posti failed to properly inform customers about the activation of the mailbox.

Violations (2)

Pre-ticked Consent Boxes
high

Cookie consent checkboxes are pre-selected by default, violating the requirement for active, affirmative consent.

Art. 4(11) GDPR

Misleading Banner Messaging
critical

The cookie banner uses misleading language to trick or pressure users into accepting cookies (dark patterns).

Art. 7 GDPR

Related Enforcement Actions (0)

No other enforcement actions found for Posti Jakelu Oy in FI

This is the only recorded action for this entity in this jurisdiction.

Similar Cases

Enforcement actions with similar violations

BANKIA, S.A.

2021 · Agencia Española de Protección de Datos

€50K

Details

Fine Date

13 November 2024

Authority

DPA Tietosuojavaltuutetu

Fine Amount

€2,400,000

Sources

About this data

Data: GDPRhub (noyb.eu)
Licensed under CC BY-NC-SA 4.0
AI-verified and classified
Cookie relevance: 80%

Cite as: Cookie Fines. Posti Jakelu Oy - Finland (2024). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: