Yliopiston Apteekin – €1,100,000 Fine (Finland, 2025)

€1,100,000Tietosuojavaltuutetun toimisto27 May 2025Finland
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Yliopiston Apteekin, an online pharmacy, was fined EUR 1,100,000 by the Finnish data protection authority for allowing external providers to access personal data. They also failed to limit the data collected to what was necessary. This case shows that businesses must ensure their data practices comply with privacy laws.

What happened

Yliopiston Apteekin allowed web analytics tools from outside the EU to access personal data without proper safeguards.

Who was affected

Customers of Yliopiston Apteekin whose personal data was accessed by external providers were affected.

What the authority found

The authority ruled that the pharmacy violated GDPR's data minimization and protection principles.

Why this matters

This case highlights the need for online businesses to carefully vet third-party tools and ensure they comply with privacy regulations. It serves as a reminder that failing to do so can lead to significant financial penalties.

GDPR Articles Cited

AI-verified

Art. 5(1)(c) GDPR
Art. 32(1) GDPR
View original scraped data
Art. 5(1)(c) GDPR
f) GDPR
Art. 32(1) GDPR
(2) GDPR

Original data from scraper before AI verification against source document.

Source verified 5 March 2026
verified correct
Finland enforcementTietosuojavaltuutetun toimisto actionsAll Yliopiston Apteekin actions
Full Legal Summary
Detailed

The Finish DPA has imposed a fine of EUR 1,100,000 on Yliopiston Apteekin. The controller, who runs an online pharmacy, used various web analytics and monitoring tools. These tools were implemented in a way that allowed the providers, who are based outside the EU, to access personal data. The controller also failed to ensure that the tools complied with the principle of data minimization.

Related Enforcement Actions (0)

No other enforcement actions found for Yliopiston Apteekin in FI

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

27 May 2025

Authority

Tietosuojavaltuutetun toimisto

Fine Amount

€1,100,000

Enforcement Tracker ID

ETid-2647

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Yliopiston Apteekin - Finland (2025). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: