IT sprendimai sėkmei – €3,000 Fine (Lithuania, 2021)

€3,000Valstybine duomenu apsaugos inspekcija26 February 2021Lithuania
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

The company that developed Lithuania's COVID-19 quarantine app was fined for not securing user data properly. The app collected personal information without enough safeguards. This case shows that app developers must prioritize data protection from the start.

What happened

IT sprendimai sėkmei developed a quarantine app that collected personal data without sufficient security measures.

Who was affected

Users of the quarantine app whose personal and health data were collected.

What the authority found

The Lithuanian DPA concluded that the app developer failed to ensure adequate data protection and transparency, breaching GDPR standards.

Why this matters

This ruling highlights the responsibility of app developers to integrate data protection into their design processes. Companies should ensure compliance with GDPR by conducting thorough data protection assessments.

GDPR Articles Cited

Art. 13 GDPR
Art. 24 GDPR
Art. 32 GDPR
Art. 35 GDPR
Art. 5(1) GDPR
Art. 58(2)(f) GDPR
Lithuania enforcementValstybine duomenu apsaugos inspekcija actionsAll IT sprendimai sėkmei actions
Full Legal Summary
Detailed

The Lithuanian DPA (VDAI) imposed a fine of EUR 3,000 on the company 'IT sprendimai sėkmei'. The DPA had opened an investigation regarding a quarantine app introduced in Lithuania during the COVID-19 pandemic in spring 2020. The controller had developed the app, which was then used by the Lithuanian National Health Service. In the course of the investigation, the DPA found that during the app's period of use, the data of a total of 677 individuals had been processed in varying degrees. The app was able to collect data such as the name, address and phone number of the data subjects. The DPA concluded that the controller had not taken sufficient technical and organizational measures to protect the data processing. Furthermore, a data protection impact assessment was not carried out, although this would have been necessary in particular because the app also processed special categories of personal data including health data. The DPA further stated that the controller had provided non-transparent and incorrect information in the app's privacy policy.

Related Enforcement Actions (0)

No other enforcement actions found for IT sprendimai sėkmei in LT

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

26 February 2021

Authority

Valstybine duomenu apsaugos inspekcija

Fine Amount

€3,000

Enforcement Tracker ID

ETid-572

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. IT sprendimai sėkmei - Lithuania (2021). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: