Sweden
H&M Hennes & Mauritz GBC AB
30,000 €
GDPR enforcement action by Data Protection Authority of Sweden on 2023-10-17.
Rank · Sector
#134
of 597 in Industry and Commerce
Rank · Sweden
#29
of 46
Rank · All fines
#913
of 3,050
Case details
- Authority
- Data Protection Authority of Sweden
- Date
- 2023-10-17
- Controller / Processor
- H&M Hennes & Mauritz GBC AB
- Sector
- Industry and Commerce
- Quoted Articles
- Art. 12 (3) GDPR, Art. 21 (3) GDPR
- Type of violation
- Insufficient fulfilment of data subjects rights
Summary
The Swedish DPA has imposed a fine of EUR 30,000 on H&M for sending out marketing messages, despite the fact that data subjects had exercised their right to objection. Six data subjects had filed a complaint against the controller with the DPA. The DPA found that the controller did not have sufficient systems and procedures in place to facilitate data subjects exercising their right to object to direct marketing.
Open original source
Links to the regulator's original publication or another source.
Related fines
Sweden
2020-03-11
5,000,000 €
ETid-232
Google LLC
Media, Telecoms and Broadcasting
Sweden
2023-06-12
4,900,000 €
ETid-1876
Spotify
Media, Telecoms and Broadcasting
Sweden
2024-08-29
3,200,000 €
ETid-2449
Apoteket AB.
Health Care
Sweden
2023-08-28
3,000,000 €
ETid-2021
Trygg-Hansa
Finance, Insurance and Consulting
Sweden
2020-12-03
2,900,000 €
ETid-473
Capio St. Göran AB
Health Care
Sweden
2021-06-21
1,600,000 €
ETid-733
Storstockholms Lokaltrafik
Transportation and Energy