UBEEQO INTERNATIONAL – €175,000 Fine (France, 2022)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
France's data protection authority fined UBEEQO INTERNATIONAL EUR 175,000 for collecting too much location data from rental cars and keeping it too long. The company failed to justify why it needed such detailed tracking and didn't inform users properly. This case highlights the importance of collecting only necessary data and being transparent with users.
What happened
UBEEQO INTERNATIONAL collected detailed geolocation data from rental vehicles every 500 meters without proper justification.
Who was affected
Customers who rented vehicles from UBEEQO INTERNATIONAL and had their location tracked excessively.
What the authority found
The French authority found UBEEQO violated GDPR by collecting more data than necessary and keeping it too long, without properly informing users.
Why this matters
This ruling emphasizes that companies must limit data collection to what's necessary and be transparent with users. Businesses should review their data practices to ensure compliance with privacy laws.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
The French DPA (CNIL) has fined the company UBEEQO INTERNATIONAL EUR 175,000. The vehicle rental company had collected geolocation data on rented vehicles at every 500 meters. The company stated that they had collected the data to monitor the condition of the fleet, to locate the vehicle in case of theft, and to assist customers in case of an accident, among other reasons. However, the DPA found that none of these purposes justified the collection of geolocation data in such detail. For this reason, the DPA found a violation of the principle of data minimization pursuant to Art. 5 (1) c) GDPR. The DPA also found that the company had stored the vehicle data for an excessively long period of time. The data was kept for the duration of the business relationship with a customer and then for another three years after the termination of the vehicle rental. In addition, personal data of users who had been inactive for more than eight years were still stored in the company's databases. The CNIL found that this long retention constituted a violation of Art. 5 (1) e) GDPR. Finally, the DPA found that users were not adequately informed during the registration process on the company portal, and that the company thus violated Art. 12 GDPR.
Related Enforcement Actions (0)
No other enforcement actions found for UBEEQO INTERNATIONAL in FR
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
7 July 2022
Authority
Commission Nationale de l'Informatique et des Libertés
Fine Amount
€175,000
Enforcement Tracker ID
ETid-1318
About this data
Cite as: Cookie Fines. UBEEQO INTERNATIONAL - France (2022). Retrieved from cookiefines.eu
Last updated: