Apohem AB – €698,000 Fine (Sweden, 2024)

€698,000Integritetsskyddsmyndigheten29 August 2024Sweden
appealed
Fine

Apohem AB, a Swedish online pharmacy, was fined nearly €700,000 for sending customer data to Meta due to incorrect settings on their tracking tool. This incident highlights the need for businesses to properly configure their tracking tools to protect customer privacy. Companies must take technical measures seriously to avoid costly fines.

What happened

Apohem AB's tracking tool mistakenly transmitted customer data to Meta because of misconfigurations.

Who was affected

Customers of Apohem AB who consented to marketing cookies but had their data sent to Meta without proper safeguards.

What the authority found

The data protection authority determined that Apohem AB did not implement sufficient technical measures to protect personal data, violating GDPR.

Why this matters

This case underscores the importance of correctly setting up tracking tools and ensuring that customer data is handled responsibly. Businesses should prioritize data protection to avoid heavy fines.

GDPR Articles Cited

AI-verified

Art. 32(1) GDPR
View original scraped data
Art. 32(1) GDPR

Original data from scraper before AI verification against source document.

Source verified 2 April 2026
amount discrepancy
articles corrected
Sweden enforcementIntegritetsskyddsmyndigheten actionsAll Apohem AB actions
Full Legal Summary
Detailed

The Swedish DPA has imposed a fine of EUR 698,000 on Apohem AB. The controller had used so-called meta pixels on its website which, due to incorrect settings, caused personal data of customers who had consented to marketing cookies to be transmitted to Meta. The controller had used the tool to improve its marketing on Facebook and Instagram, without intending to transmit the data. During its investigation, the DPA found that the controller had failed to implement appropriate technical and organizational measures to protect personal data in order to avoid such an incident. The decision has been appealed and the process is ongoing.

Violations (2)

Cookies Placed Before Consent
critical

Non-essential cookies (tracking, advertising) are placed on the user's device before obtaining valid consent.

Art. 6(1) GDPR

Third-Party Cookies Without Consent
critical

Third-party tracking cookies or scripts are loaded without obtaining prior user consent.

Art. 13, 14 GDPR

Related Enforcement Actions (0)

No other enforcement actions found for Apohem AB in SE

This is the only recorded action for this entity in this jurisdiction.

Similar Cases

Enforcement actions with similar violations

Minister for Legal Protection

2022 · DPA RbOverijssel

unknown (claimant)

2021 · DPA OLGLinz

Data Subject versus Telecommunications Company

2025 · DPA OLGKoblenz

CNIL

2019 · Court of Justice of the European Union

Details

Fine Date

29 August 2024

Authority

Integritetsskyddsmyndigheten

Fine Amount

€698,000

Enforcement Tracker ID

ETid-2450

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified
Cookie relevance: 80%

Cite as: Cookie Fines. Apohem AB - Sweden (2024). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: