Tele2 Sverige Aktiebolag – €1,000,000 Fine (Sweden, 2023)

€1,000,000Integritetsskyddsmyndigheten30 June 2023Sweden
appealed
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Tele2 Sverige was fined €1 million for illegally transferring personal data to the US without proper safeguards. This is significant because it shows that companies must comply with strict data protection rules when handling user information across borders. Small businesses should review their data transfer practices to avoid hefty fines.

What happened

Tele2 Sverige unlawfully transferred personal data to the US while using Google Analytics.

Who was affected

Users whose personal data was transferred to the US without adequate protection were affected.

What the authority found

The Swedish DPA found that Tele2 did not provide sufficient protection for personal data transferred to the US, violating GDPR.

Why this matters

This ruling reinforces the need for businesses to ensure that any data sent outside the EU meets strict protection standards. Companies should assess their data transfer agreements carefully.

GDPR Articles Cited

AI-verified

Art. 44 GDPR
View original scraped data
Art. 44 GDPR

Original data from scraper before AI verification against source document.

Source verified 5 March 2026
parse error
Sweden enforcementIntegritetsskyddsmyndigheten actionsAll Tele2 Sverige Aktiebolag actions
Full Legal Summary
Detailed

The Swedish DPA has imposed a fine of EUR 1 million on Tele2 Sverige Aktiebolag. The Austrian organization None of your Business (NOYB) had filed a complaint against the company in light of the Schrems II judgment, stating that the company was unlawfully transferring personal data to the US. The company had used Google Analytics for visitor statistics and based the data processing by the statistics tool on the EU standard contractual clauses, as no adequacy decision had been issued by the EU Commission for the USA. In the course of its investigation, the DPA determined that the use of the standard contractual clauses was not sufficient to guarantee a level of protection equivalent to that of the EU. ---UPDATE--- Following an appeal to the Administrative Court of Appeal, the court upheld the DPA's decision.

Related Enforcement Actions (0)

No other enforcement actions found for Tele2 Sverige Aktiebolag in SE

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

30 June 2023

Authority

Integritetsskyddsmyndigheten

Fine Amount

€1,000,000

Enforcement Tracker ID

ETid-1937

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Tele2 Sverige Aktiebolag - Sweden (2023). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: