Dansk Retursystem – Violation Found (Denmark, 2024)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Dansk Retursystem faced an investigation by the Norwegian Data Protection Authority over its 'Pant' app, which processes user bank information. The app was designed to modernize deposit payouts but raised questions about how it handled personal data. This case highlights the importance of ensuring that apps comply with data protection rules.
What happened
The Norwegian Data Protection Authority investigated Dansk Retursystem's 'Pant' app for processing user bank information.
Who was affected
Users of the 'Pant' app who linked their bank accounts for deposit payments were affected.
What the authority found
The investigation focused on whether Dansk Retursystem's processing of personal data complied with data protection principles, including legality and transparency.
Why this matters
This case emphasizes that companies must carefully manage personal data in their apps. It serves as a reminder for businesses to ensure compliance with data protection rules when handling user information.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
On 6 July 2022, the Danish DPA (Datatilsynet) initiated an investigation on its own initiative against Dansk Retursystem (a controller). The controller is an entity managing the deposit system for cans and bottles, known as pant. The DPA had been made aware that the controller had developed an application called "Pant" (the App) for the payment of deposits. In connection with the App, the controller processed a range of information about, among other things, the users' bank accounts, balances, loans, etc.
The investigation showed that the App had a built-in component allowing a user to log in to their bank to obtain the user's account information in order to pay out money to the right account. The component was made available by a third party and integrated with the App. The component could also collect information about e.g. the user's balances, identity information and transaction history. However, this information was not passed on to the controller.
The DPA decided to limit the investigation of the App to the questions of: (i) whether the controller's processing of personal data in connection with the use of the App took place in accordance with the principles for processing personal data, including the principle of legality, reasonableness and transparency in accordance with Article 5(1)(a) GDPR and the data minimization principle in Article 5(1)(c) GDPR; and (ii) whether the processing took place in accordance with Article 25(1) GDPR, as regards the implementation of the data protection principles.
Against this background, the DPA asked the controller for an opinion regarding the App. In its clarifications, the controller affirmed that it had developed the App to modernize the process of deposit payouts, transitioning from physical cards to direct bank transfers. The App required users to register and link a bank account for deposit payments. For this purpose the controller relied on services offered by Tink AB (https://tink.com/de/), a payment service provider. The controller
Outcome
Violation Found
The DPA found a violation but did not impose a fine.
Related Enforcement Actions (0)
No other enforcement actions found for Dansk Retursystem in DK
This is the only recorded action for this entity in this jurisdiction.
Details
Decision Date
26 September 2024
Authority
Datatilsynet (Norway)
About this data
Cite as: Cookie Fines. Dansk Retursystem - Denmark (2024). Retrieved from cookiefines.eu