Otavamedia Oy – €85,000 Fine (Finland, 2022)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Otavamedia Oy was fined €85,000 for making it difficult for users to exercise their rights regarding personal data. This is significant because it shows that companies must make it easy for people to request their data or ask for it to be deleted. Small businesses should simplify their processes to comply with data protection laws.
What happened
Otavamedia Oy required users to send a signed paper form to request their data be deleted, complicating the process.
Who was affected
Users who wanted to exercise their rights to access or delete their personal data.
What the authority found
The Finnish data protection authority ruled that Otavamedia's process violated GDPR rules by making it unnecessarily complicated for users to exercise their rights.
Why this matters
This case highlights the importance of user-friendly processes for data requests. Companies should streamline their procedures to comply with data protection regulations and avoid penalties.
GDPR Articles Cited
The Finnish DPA has imposed a fine of EUR 85,000 on Otavamedia Oy. The DPA had received eleven complaints regarding Otavamedia between 2018 and 2021. Namely, the complaints primarily concerned the lack of response to inquiries from data subjects. Otavamedia explained that some of the privacy requests had not been fulfilled due to a technical problem with email management. During the incident, messages received in the privacy inquiry email box were not forwarded to customer service representatives. The situation had only been discovered after seven months. In this context, the DPA noted that Otovamia should have tested the new e-mail system before using it in order to be able to guarantee the response to the requests and the rights of the data subjects. Analogous request were possible, but the request form had to be signed by the data subjects for identification purposes. However, Otavamedia was not processing the signature data in any other contexts, so the signature could not even be cross-checked. The DPA concluded that Otavamedia thereby collected an unnecessarily large amount of data for identification purposes and made the exercise of data subject rights harder by requiring signatures.
Related Enforcement Actions (0)
No other enforcement actions found for Otavamedia Oy in FI
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
9 May 2022
Authority
Tietosuojavaltuutetun toimisto
Fine Amount
€85,000
Enforcement Tracker ID
ETid-1254
About this data
Cite as: Cookie Fines. Otavamedia Oy - Finland (2022). Retrieved from cookiefines.eu
Last updated: