Rebtel Networks AB – Complaint Upheld (Sweden, 2021)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Rebtel Networks AB was reprimanded for not deleting a user's data and continuing to send emails after the user requested deletion. The user tried multiple times to stop receiving emails but was unsuccessful. This case shows that companies must respect users' rights to have their data deleted.
What happened
Rebtel Networks AB failed to delete a user's data and continued sending unsolicited emails despite multiple requests to stop.
Who was affected
A former user who repeatedly received emails after requesting data deletion.
What the authority found
The Swedish DPA reprimanded Rebtel Networks AB for not deleting personal data promptly and for providing incorrect information about the deletion process, violating GDPR.
Why this matters
This decision emphasizes the importance of respecting users' rights to data deletion and ensuring that communication about data handling is accurate. Companies should ensure their systems effectively process deletion requests.
GDPR Articles Cited
The complainant unsuccessfully tried to persuade the company to stop sending unsolicited emails after deleting her account. She requested removal of her data four times and each time the company confirmed that her data had been deleted and that she would not receive any more messages. After each time she then received a new email asking her to provide feedback about the service. She also tried to use the "unregister" link provided in each e-mail but it did not worked either. The company stated that the complainant's request for deletion was not handled due to the company not perceiving it as a request for deletion. According to the DPA it has been made clear in the request that the complainant wanted to exercise her right to deletion. The DPA issued a reprimand on Rebtel Networks AB for violating Article 17 GDPR by not deleting personal data of the complainant without undue delay and Article 23 GDPR by providing incorrect information about deletion of personal data.
Outcome
Complaint Upheld
A data subject complaint that was upheld by the DPA.
Related Enforcement Actions (0)
No other enforcement actions found for Rebtel Networks AB in SE
This is the only recorded action for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Rebtel Networks AB - Sweden (2021). Retrieved from cookiefines.eu
Last updated: