eCommerce 2020 ApS – €51,000 Fine (Iceland, 2023)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
eCommerce 2020 ApS was fined for sending loan non-payment information to a credit scoring company without proper notice. This is important because it emphasizes that companies must clearly inform customers about the consequences of their actions. Small businesses should review their communication practices to ensure transparency.
What happened
eCommerce 2020 ApS sent information about loan non-payments to Creditinfo Lánstrausti hf. without proper notification in their loan terms.
Who was affected
Borrowers who took loans from eCommerce 2020 ApS and faced non-payment registration.
What the authority found
The Icelandic DPA found that eCommerce 2020 failed to provide adequate information to borrowers about the consequences of non-payment.
Why this matters
This ruling serves as a reminder for companies to be transparent in their communications with customers. It shows that businesses can be held accountable for not informing users about important terms.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
A company offering so-called "small loans" - eCommerce 2020 ApS (eCommerce) – sent information about non-payments of loans for registration at a credit scoring company - Creditinfo Lánstrausti hf. The Icelandic DPA issued a decision (case no. 2020061901 – see summary on [https://gdprhub.eu/index.php?title=Pers%C3%B3nuvernd_(Island)_-_2020061901 GDPRHub]) against Creditinfo Lánstrausti hf. after the consumers' association of Iceland filed a complaint against it. Following the investigation in that case, it was revealed that the loan terms of eCommerce did not include any provision stating that non-payment (for 40 days) leads to registration of non-payment at Creditinfo Lánstrausti hf. However, in this case eCommerce 2020 disputed the fact that such provision was missing and argued that regardless of the wording in the company's loan terms at any given time, borrowers were always informed of the consequences of non-payments on their loans. Furthermore, eCommerce claimed that there was always some kind of provision in the company's loan terms stating that if a loan defaulted, the company has the right to entrust a third party to collect the loan. It was also revealed that information on non-payments were registered on behalf of eCommerce 2020 ApS despite the fact that the amount of the payment default was below the minimum amount that could be registered according to the terms of the business license of Creditinfo Lánstrausti hf. In light of the above, the Icelandic DPA considered that there may be grounds for imposing an administrative fine on eCommerce 2020 ApS, and initiated an investigation. Firstly, the Icelandic DPA concluded that eCommerce is responsible as the controller for the processing of the personal data in question when eCommerce sends the information on non-payments to Creditinfo Lánstrausti hf. for registration. Moreover, the DPA stated that eCommerce is liable for ensuring that the conditions of the loan terms are met for the registration of non-p
Related Enforcement Actions (1)
Other enforcement actions involving eCommerce 2020 ApS in IS
Details
About this data
Cite as: Cookie Fines. eCommerce 2020 ApS - Iceland (2023). Retrieved from cookiefines.eu
Last updated: