Sweden Sweden

Apohem AB

698,000 €

GDPR enforcement action by Data Protection Authority of Sweden (Integritetsskyddsmyndigheten) on 2024-08-29.

Rank · Sector
#13
of 270 in Health Care
Rank · Sweden
#14
of 46
Rank · All fines
#211
of 3,051

Case details

Authority
Data Protection Authority of Sweden (Integritetsskyddsmyndigheten)
Date
2024-08-29
Controller / Processor
Apohem AB
Sector
Health Care
Quoted Articles
Art. 32 (1) GDPR
Type of violation
Insufficient technical and organisational measures to ensure information security

Summary

The Swedish DPA has imposed a fine of EUR 698,000 on Apohem AB. The controller had used so-called meta pixels on its website which, due to incorrect settings, caused personal data of customers who had consented to marketing cookies to be transmitted to Meta. The controller had used the tool to improve its marketing on Facebook and Instagram, without intending to transmit the data. During its investigation, the DPA found that the controller had failed to implement appropriate technical and organizational measures to protect personal data in order to avoid such an incident. The decision has been appealed and the process is ongoing.

Open original source Links to the regulator's original publication or another source.

Related fines

Sweden
Sweden
2020-03-11
5,000,000 €
ETid-232
Google LLC
Media, Telecoms and Broadcasting
Sweden
Sweden
2023-06-12
4,900,000 €
ETid-1876
Spotify
Media, Telecoms and Broadcasting
Sweden
Sweden
2024-08-29
3,200,000 €
ETid-2449
Apoteket AB.
Health Care
Sweden
Sweden
2023-08-28
3,000,000 €
ETid-2021
Trygg-Hansa
Finance, Insurance and Consulting
Sweden
Sweden
2020-12-03
2,900,000 €
ETid-473
Capio St. Göran AB
Health Care
Sweden
Sweden
2021-06-21
1,600,000 €
ETid-733
Storstockholms Lokaltrafik
Transportation and Energy
Back to all fines