Sweden
Apoteket AB.
3,200,000 €
GDPR enforcement action by Data Protection Authority of Sweden (Integritetsskyddsmyndigheten) on 2024-08-29.
Rank · Sector
#3
of 270 in Health Care
Rank · Sweden
#3
of 46
Rank · All fines
#97
of 3,051
Case details
- Authority
- Data Protection Authority of Sweden (Integritetsskyddsmyndigheten)
- Date
- 2024-08-29
- Controller / Processor
- Apoteket AB.
- Sector
- Health Care
- Quoted Articles
- Art. 32 (1) GDPR
- Type of violation
- Insufficient technical and organisational measures to ensure information security
Summary
The Swedish DPA has imposed a fine of EUR 3.2 million on Apoteket AB. The controller had used so-called meta pixels on its website which, due to incorrect settings, caused personal data of customers to be transmitted to Meta. The controller had used the tool to improve its marketing on Facebook and Instagram, without intending to transmit the data. During its investigation, the DPA found that the controller had failed to implement appropriate technical and organizational measures to protect personal data in order to avoid such an incident.
Open original source
Links to the regulator's original publication or another source.
Related fines
Sweden
2020-03-11
5,000,000 €
ETid-232
Google LLC
Media, Telecoms and Broadcasting
Sweden
2023-06-12
4,900,000 €
ETid-1876
Spotify
Media, Telecoms and Broadcasting
Sweden
2023-08-28
3,000,000 €
ETid-2021
Trygg-Hansa
Finance, Insurance and Consulting
Sweden
2020-12-03
2,900,000 €
ETid-473
Capio St. Göran AB
Health Care
Sweden
2021-06-21
1,600,000 €
ETid-733
Storstockholms Lokaltrafik
Transportation and Energy
Sweden
2020-12-03
1,463,000 €
ETid-466
Aleris Sjukvård AB
Health Care