Taksi Helsinki – €72,000 Fine (Finland, 2020)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Taksi Helsinki faced a fine for not properly handling customers' audio and video data. The data protection authority found that the company failed to follow rules about how to process this personal data safely and transparently. This case highlights the importance of following data protection laws to avoid penalties.
What happened
Taksi Helsinki was fined for not demonstrating that it processed audio and video data in compliance with GDPR.
Who was affected
Customers whose audio and video data were recorded in Taksi Helsinki's vehicles.
What the authority found
The authority ruled that Taksi Helsinki did not comply with GDPR's requirements for processing personal data, particularly regarding accountability and data minimization.
Why this matters
This ruling emphasizes that companies must ensure they are following data protection laws when handling personal data. Other businesses should review their data processing practices to avoid similar issues.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
Following the investigations carried out in November 2019 on Taksi Helsinki’s processing, the Tietosuojavaltuutetun toimisto found several serious GDPR violations regarding the processing of customers’ audio and video personal data. The Tietosuojavaltuutetun toimisto raised six data protection law issues regarding the processing of both audio and video data which can be summed up as below: - Does the controller process audio and video data for security purposes in accordance with Article 6(1)(f) GDPR? - Does the controller process audio and video data in accordance with 5(1)(c) GDPR? - Does the information provided to data subjects regarding the security camera and the automated decision making process comply with Article 12 GDPR? - Did the controller identify the actors playing a role in the processing, with respect to Articles 4(7), (8) and Articles 26, 28 GDPR (processor, controller, joint controllership)? - Did the controller maintain a record of processing activities according to Article 30 GDPR? - Did the controller perform a data protection impact assessment prior to the implementation for the security camera system, as prescribed under Article 35 GDPR? First, the Tietosuojavaltuutetun toimisto decided that the controller was not able to demonstrate that the processing of video and audio data for security purposes complies with Article 5 (1) (a) and Article 6 (1) (f) GDPR. Thus, the controller failed to comply with the accountability principle under Article 5 (2) GDPR. Second, the data protection authority pointed out that the recording of images and sound in all of the company’s cars did not comply with the principle of data minimisation under Article 5(1)(c) GDPR. The recording of the image would have fit the purposes of safety and the investigation of criminal offences and damages which might have occurred, as claimed by the controller. Regarding the information to be provided to the data subjects, the data protection authority ruled that sever
Related Enforcement Actions (1)
Other enforcement actions involving Taksi Helsinki in FI
Details
About this data
Cite as: Cookie Fines. Taksi Helsinki - Finland (2020). Retrieved from cookiefines.eu
Last updated: