Apă Canal Ilfov SA – €3,000 Fine (Romania, 2023)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Apă Canal Ilfov SA was fined €3,000 for sending an email that exposed recipients' email addresses to each other. This breach of privacy rules highlights the importance of protecting personal data even in everyday communications. Companies should ensure they use proper email practices to avoid similar mistakes.
What happened
Apă Canal Ilfov SA sent an email with personal data to multiple recipients in an open distribution list, exposing their email addresses to each other.
Who was affected
Email recipients whose addresses were visible to others in the email chain.
What the authority found
The Romanian data protection authority found that Apă Canal Ilfov SA failed to protect personal data by not using secure email practices, violating GDPR's data security requirements.
Why this matters
This case underscores the need for businesses to handle personal data with care, even in routine communications like emails. It serves as a reminder to use blind carbon copy (BCC) or other secure methods to protect recipients' privacy.
GDPR Articles Cited
The Romanian DPA has imposed a fine of EUR 3,000 on Apă Canal Ilfov SA. The controller sent an e-mail with personal data to several recipients in an open distribution list. This made it possible for the recipients to view the e-mail addresses of all other recipients.
Related Enforcement Actions (0)
No other enforcement actions found for Apă Canal Ilfov SA in RO
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
4 January 2023
Authority
Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal
Fine Amount
€3,000
Enforcement Tracker ID
ETid-1546
About this data
Cite as: Cookie Fines. Apă Canal Ilfov SA - Romania (2023). Retrieved from cookiefines.eu
Last updated: