TeeShoppen โ Violation Found (Denmark, 2022)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
TeeShoppen, an online store, failed to delete a customer's personal data after promising to do so, leading to continued marketing emails. The Danish authority reprimanded the company for not respecting the customer's right to have their data erased. This case shows the importance of honoring data deletion requests promptly to avoid regulatory action.
What happened
TeeShoppen did not delete a customer's personal data as requested, resulting in continued marketing emails.
Who was affected
A customer who had requested the deletion of their personal data and continued to receive marketing emails.
What the authority found
The authority found that TeeShoppen violated GDPR by not complying with the customer's request to delete their personal data.
Why this matters
This case serves as a warning to businesses about the importance of respecting customers' rights to data erasure. Companies must ensure they promptly act on such requests to avoid reprimands or further action from data protection authorities.
GDPR Articles Cited
A data subject who had purchased goods from TeeShoppen, an e-commerce platform (the controller), and was getting marketing messages, asked the controller to delete his personal data. Subsequently, on 24 June 2019, the controller informed the data subject that his data would be deleted. When this was not done, the data subject contacted the Danish DPA. The controller confirmed to the DPA that it had deleted the personal data of the data subject. On 8 October 2020, the DPA reprimanded the controller for not immediately complying with Article 17 GDPR and closed the case. In Autumn of 2021, the data subject started receiving marketing emails again, and thus contacted the Danish DPA. The DPA sought replies from the controller but none was received. The DPA pointed out that as per Article 21(2) GDPR, data subjects have the right to object to the processing of their personal data for direct marketing purposes. In addition, data subjects have the right to have their personal data erased as per Article 17 GDPR. The DPA found that the controller had not deleted the personal data of the data subject, despite its earlier statement. Therefore, the DPA held that the controller had not complied with the data subject's right to erasure of personal data under Article 17(1)(c) GDPR. Consequently, the DPA reprimanded the controller for violating Article 17(1)(c) GDPR and ordered it to delete the personal data of the data subject.
Outcome
Violation Found
The DPA found a violation but did not impose a fine.
Related Enforcement Actions (0)
No other enforcement actions found for TeeShoppen in DK
This is the only recorded action for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. TeeShoppen - Denmark (2022). Retrieved from cookiefines.eu
Last updated: