Stjörnuna ehf – €10,000 Fine (Iceland, 2024)

€10,000Persónuvernd24 March 2024Iceland
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Iceland's data protection authority fined Stjörnuna ehf., the operator of a Subway branch, for improperly using video surveillance. The investigation revealed that the restaurant's surveillance lacked a valid legal basis and employees were not informed about it. This case shows the importance of transparency and legal justification when using surveillance.

What happened

Stjörnuna ehf. was fined for conducting video surveillance without a valid legal basis and failing to inform employees.

Who was affected

Employees working at the Subway branch who were monitored by the video surveillance.

What the authority found

The authority found that Stjörnuna ehf. did not have a proper legal basis for the video surveillance, violating GDPR rules.

Why this matters

This case serves as a warning to businesses about the need for clear legal grounds and employee notification when using surveillance. Companies should review their surveillance practices to ensure compliance with data protection laws.

GDPR Articles Cited

AI-verified

Art. 6(GDPR)
Art. 12(GDPR)
Art. 13(GDPR)
Art. 5(1)(a) GDPR
View original scraped data
Art. 5(1) a) GDPR
b)
c) GDPR
Art. 6(GDPR)
Art. 12(GDPR)
Art. 13(GDPR)

Original data from scraper before AI verification against source document.

Source verified 14 March 2026
amount discrepancy
articles corrected
Iceland enforcementPersónuvernd actionsAll Stjörnuna ehf actions
Full Legal Summary
Detailed

The Icelandic DPA has imposed a fine of EUR 10,000 on Stjörnuna ehf. (the operator of a Subway branch). An employee had filed a complaint with the DPA regarding video surveillance in the restaurant. During its investigation, the DPA found that the video surveillance of the employees lacked a valid legal basis and was not considered necessary. The DPA also found that the controller failed to inform the employees about the video surveillance.

Related Enforcement Actions (0)

No other enforcement actions found for Stjörnuna ehf in IS

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

24 March 2024

Authority

Persónuvernd

Fine Amount

€10,000

Enforcement Tracker ID

ETid-2257

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Stjörnuna ehf - Iceland (2024). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: