Allium UPI – €3,000,000 Fine (Estonia, 2025)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Allium UPI was fined €3 million for not securing personal data properly, which led to a data breach affecting 750,000 people. This is important because it shows that companies must take data security seriously to protect individuals' information.
What happened
Allium UPI failed to implement adequate security measures, resulting in a data breach involving personal data.
Who was affected
750,000 individuals, including children and vulnerable groups, whose personal data was compromised.
What the authority found
The Estonian Data Protection Authority found that Allium UPI did not meet its obligations to secure personal data, leading to the significant fine.
Why this matters
This case serves as a strong reminder for businesses to invest in data security measures. Failing to do so can lead to severe financial penalties and loss of trust.
The Estonian DPA has imposed a fine of EUR 3,000,000 on Allium UPI. The controller failed to implement adequate technical and organisational measures to ensure data security. This resulted in a data breach involving the personal data of 750,000 individuals, including children and other vulnerable groups.
Related Enforcement Actions (0)
No other enforcement actions found for Allium UPI in EE
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
5 September 2025
Authority
Andmekaitse Inspektsioon
Fine Amount
€3,000,000
Enforcement Tracker ID
ETid-2858
About this data
Cite as: Cookie Fines. Allium UPI - Estonia (2025). Retrieved from cookiefines.eu
Last updated: