Allium UPI – €3,000,000 Fine (Estonia, 2025)

€3,000,000Andmekaitse Inspektsioon5 September 2025Estonia
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

The Estonian DPA has imposed a fine of EUR 3,000,000 on Allium UPI. The controller failed to implement adequate technical and organisational measures to ensure data security. This resulted in a data breach involving the personal data of 750,000 individuals, including children and other vulnerable groups.

Source verified 5 March 2026
articles corrected
Estonia enforcementAndmekaitse Inspektsioon actionsAll Allium UPI actions
Full Legal Summary

The Estonian DPA has imposed a fine of EUR 3,000,000 on Allium UPI. The controller failed to implement adequate technical and organisational measures to ensure data security. This resulted in a data breach involving the personal data of 750,000 individuals, including children and other vulnerable groups.

Related Enforcement Actions (0)

No other enforcement actions found for Allium UPI in EE

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

5 September 2025

Authority

Andmekaitse Inspektsioon

Fine Amount

€3,000,000

Enforcement Tracker ID

ETid-2858

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Allium UPI - Estonia (2025). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: