Groupon International Limited – Complaint Upheld (Ireland, 2020)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Ireland's Data Protection Commission found Groupon violated privacy rules by asking users for a national ID copy to verify identity, even though less intrusive methods were available. This is important because it emphasizes using the least data-intensive method for identity verification. Businesses should consider simpler options like email confirmation.
What happened
Groupon required users to submit a national ID copy for identity verification, even when simpler methods were available.
Who was affected
Groupon users who were asked to provide a national ID copy for identity verification.
What the authority found
The Irish DPC found Groupon violated GDPR by not minimizing data collection, as they could have verified identity through less intrusive means.
Why this matters
This decision underscores the need for companies to use the least invasive method for identity verification. It serves as a reminder to prioritize data minimization in customer interactions.
GDPR Articles Cited
National Law Articles
Acting in its capacity as lead supervisory authority, the Irish DPA (DPC) commenced an examination of a complaint originally received by the Polish DPA. The complaint concerned cross-border processing in which the DPC was competent to act as lead SA. This complaint concerned Groupon’s practice at the time of the complaint of requiring data subjects to verify their identity with an electronic copy of a national identity card. This requirement applied when data subjects made certain requests, including requests for erasure of personal data, but the requirement did not apply when data subjects created a Groupon account. The decision found that Groupon infringed the principle of data minimisation in Article 5(1)(c) GDPR by requiring the complainant to verify their identity by submitting a copy of a national ID document in circumstances where a less data-driven solution to the question of identity verification (namely by way of confirmation of email address) was available to Groupon. The decision also found that Groupon infringed Articles 12(2),17(1)(a) and 6(1) in the circumstances of the complainant’s case. The decision also reprimanded Groupon in respect of the infringements.
Outcome
Complaint Upheld
A data subject complaint that was upheld by the DPA.
Related Enforcement Actions (0)
No other enforcement actions found for Groupon International Limited in IE
This is the only recorded action for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Groupon International Limited - Ireland (2020). Retrieved from cookiefines.eu
Last updated: