Sweden
Avanza Bank AB
1,300,000 €
GDPR enforcement action by Data Protection Authority of Sweden on 2024-06-24.
Rank · Sector
#25
of 322 in Finance, Insurance and Consulting
Rank · Sweden
#8
of 46
Rank · All fines
#149
of 3,042
Case details
- Authority
- Data Protection Authority of Sweden
- Date
- 2024-06-24
- Controller / Processor
- Avanza Bank AB
- Sector
- Finance, Insurance and Consulting
- Quoted Articles
- Art. 5 (1) f) GDPR, Art. 32 (1) GDPR
- Type of violation
- Insufficient technical and organisational measures to ensure information security
Summary
The Swedish DPA has imposed a fine of EUR 1.3 million on Avanza Bank AB. The controller had used so-called meta pixels on its website and app, which caused personal data such as securities holdings and account numbers to be transmitted to Meta. These transfers took place from November 15, 2019 to June 2, 2021 due to incorrect settings. After becoming aware of this, Avanza deactivated the pixels and confirmed that Meta had deleted the data. Avanza has also improved its internal data security processes.
Open original source
Links to the regulator's original publication or another source.
Related fines
Sweden
2020-03-11
5,000,000 €
ETid-232
Google LLC
Media, Telecoms and Broadcasting
Sweden
2023-06-12
4,900,000 €
ETid-1876
Spotify
Media, Telecoms and Broadcasting
Sweden
2024-08-29
3,200,000 €
ETid-2449
Apoteket AB.
Health Care
Sweden
2023-08-28
3,000,000 €
ETid-2021
Trygg-Hansa
Finance, Insurance and Consulting
Sweden
2020-12-03
2,900,000 €
ETid-473
Capio St. Göran AB
Health Care
Sweden
2021-06-21
1,600,000 €
ETid-733
Storstockholms Lokaltrafik
Transportation and Energy