GAIJIN NETWORK LTD – Complaint Upheld (Cyprus, 2020)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Gaijin Network Ltd, a video game company, rejected a user's request to delete their data because the user didn't provide enough identification information. The privacy authority said Gaijin needs better ways to help users prove their identity, especially if their accounts are hacked. Companies should make it easier for users to exercise their privacy rights.
What happened
Gaijin Network Ltd rejected a user's data deletion request due to insufficient identification information.
Who was affected
Users of Gaijin Network Ltd's services who requested data erasure but couldn't provide additional identification.
What the authority found
The Commissioner found Gaijin's rejection was lawful due to missing authentication but urged the company to improve its processes to help users exercise their rights.
Why this matters
This decision emphasizes the need for companies to have robust systems that allow users to verify their identity easily, ensuring they can exercise their privacy rights even if their accounts are compromised.
GDPR Articles Cited
A data subject made a request for erasure of his personal data to a video game provider, Gaijin Netword Ltd. Gaijin requested additional information in order to identify the data subject. The data subject failed to provide the authentication information and Gaijin rejected the request. Was the rejection of the data subject's request for rectification as well as the company's request for additional identification information lawful? The Comissioner found that in this particular case Gaijin could not comply with the request for erasure as authentication information was missing. However, Gaijin should implement additional modalities to facilitate the exercise of data subjects' rights. The current Gaijin's modalities do not fully comply with the GDPR and additional mechanisms should be implemented so that users with hacked accounts could be also identified according to Article 12(6) GDPR.
Outcome
Complaint Upheld
A data subject complaint that was upheld by the DPA.
Related Enforcement Actions (0)
No other enforcement actions found for GAIJIN NETWORK LTD in CY
This is the only recorded action for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. GAIJIN NETWORK LTD - Cyprus (2020). Retrieved from cookiefines.eu
Last updated: