Register OÜ – Complaint Upheld (Estonia, 2025)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Register OÜ faced a complaint for refusing to share a list of users who followed a profile on their website. This case is significant because it shows that users have rights to access their data. Companies must be transparent about how they handle user information.
What happened
A user requested access to the list of followers on Register OÜ's website, but the company refused to provide it.
Who was affected
The user who wanted to see the list of followers on the website inforegister.ee.
What the authority found
The Estonian DPA upheld the complaint, indicating that the company did not have a valid reason to deny access to the requested information.
Why this matters
This case highlights the importance of user rights in accessing their personal data. Companies should ensure they comply with access requests to avoid complaints and potential penalties.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
A user (the data subject) of the website inforegister.ee sent a request to access to the provider of the website, Register OÜ (the controller), asking for information regarding the users who followed their profile. On the website, users can monitor changes in a company’s board members, founders and shareholders. The controller refused to provide the data subject with the list of followers. Instead, the controller removed the followers and blocked the feature for the data subject for the future. Therefore, the data subject filed a complaint with the Estonian DPA against the controller. On 12 March 2025, the DPA requested the list of followers from the controller along with the legal basis under which the controller refused to provide the information to the data subject. The controller responded to the DPA’s request on 12 March 2025 without providing the list of followers, explaining that the controller had no legal basis to disclose the information. The controller claimed that the data subject’s right to access is limited by Article 15(4) GDPR (i.e. the protection of the rights and freedoms of others). The DPA followed up on 13 March 2025 with an explanation of its role in determining the limits of the data subject’s right to access and how it depends on receiving the list of followers from the controller. On 13 March 2025 the controller responded with a refusal to disclose the list to the DPA, explaining that it could not submit a list that no longer existed and, at the same time, that it could not determine with certainty the identity of the followers, which may lead to transferring inaccurate data. Moreover, the controller claimed it had no legal basis for transferring the list to the DPA and the transfer would go against Article 5(1)(a) and (c) GDPR (i.e. the principles of lawfulness, fairness and transparency, and data minimisation), being disproportionate and unjustified. The controller’s conclusion was that, while the DPA can make an assessment of
Outcome
Complaint Upheld
A data subject complaint that was upheld by the DPA.
Related Enforcement Actions (0)
No other enforcement actions found for Register OÜ in EE
This is the only recorded action for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Register OÜ - Estonia (2025). Retrieved from cookiefines.eu
Last updated: