City of Reykjavik – €13,300 Fine (Iceland, 2023)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
The Icelandic DPA has imposed a fine of EUR 13,300 on the city of Reykjavik. The city had used the Google Education system in schools without sufficiently complying with data protection regulations. In particular, the city did not fulfill its obligations when selecting Google as a processor and the processing agreement with Google did not comply with data protection requirements. Furthermore, the city did not ensure that the student data was not processed for purposes other than those specified by the city. In imposing the fine, particular consideration was given to the protection of sensitive children's data. Although no demonstrable damage had occurred, it was criticized that the city had not sufficiently ensured the secure transfer of data to the US in the past. However, the municipality cooperated transparently with the data protection authority and revised its data protection practices.
GDPR Articles Cited
The Icelandic DPA has imposed a fine of EUR 13,300 on the city of Reykjavik. The city had used the Google Education system in schools without sufficiently complying with data protection regulations. In particular, the city did not fulfill its obligations when selecting Google as a processor and the processing agreement with Google did not comply with data protection requirements. Furthermore, the city did not ensure that the student data was not processed for purposes other than those specified by the city. In imposing the fine, particular consideration was given to the protection of sensitive children's data. Although no demonstrable damage had occurred, it was criticized that the city had not sufficiently ensured the secure transfer of data to the US in the past. However, the municipality cooperated transparently with the data protection authority and revised its data protection practices.
Related Enforcement Actions (1)
Other enforcement actions involving City of Reykjavik in IS
Details
Fine Date
6 December 2023
Authority
Persónuvernd
Fine Amount
€13,300
Enforcement Tracker ID
ETid-2140
About this data
Cite as: Cookie Fines. City of Reykjavik - Iceland (2023). Retrieved from cookiefines.eu
Last updated: