Hörpu tónlistar- og ráðstefnuhúss ohf. – €7,000 Fine (Iceland, 2022)

€7,000Persónuvernd8 March 2022Iceland
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

The Icelandic DPA fined a concert hall for collecting unnecessary personal data during ticket purchases. The hall collected ID numbers and birth dates, which were not needed for buying tickets. This case shows the importance of only collecting necessary customer information.

What happened

Hörpu tónlistar- og ráðstefnuhúss ohf. collected ID numbers and birth dates from customers when they bought tickets, which was unnecessary.

Who was affected

Concert-goers who were asked for their ID numbers and birth dates when purchasing tickets.

What the authority found

The Icelandic DPA found that the concert hall violated data minimization principles by collecting more personal data than necessary.

Why this matters

This decision emphasizes that businesses should only collect the personal data they truly need. It serves as a warning to companies to review their data collection practices to ensure compliance with GDPR.

GDPR Articles Cited

Art. 6 GDPR
Art. 5(1)(c) GDPR
Iceland enforcementPersónuvernd actionsAll Hörpu tónlistar- og ráðstefnuhúss ohf. actions
Full Legal Summary
Detailed

The Icelandic DPA has fined Hörpu tónlistar- og ráðstefnuhúss ohf. EUR 7,000. The DPA had received a complaint regarding the concert hall's collection of ID number and date of birth information as part of an electronic ticket purchase. The incident occurred prior to the start of the Covid-19 pandemic, when the registration of personal data for contact tracking in the context of event visits was not yet required. The DPA concluded that it would not have been necessary to collect the data for issuing a ticket, as it would have been possible to conclude a purchase contract even without this collection. For this reason, the DPA found that the concert hall had violated the principle of data minimization.

Related Enforcement Actions (0)

No other enforcement actions found for Hörpu tónlistar- og ráðstefnuhúss ohf. in IS

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

8 March 2022

Authority

Persónuvernd

Fine Amount

€7,000

Enforcement Tracker ID

ETid-1097

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Hörpu tónlistar- og ráðstefnuhúss ohf. - Iceland (2022). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: