Details:
| Summary | The Lithuanian DPA (VDAI) imposed a fine of EUR 3,000 on the company ‘IT sprendimai sėkmei’. The DPA had opened an investigation regarding a quarantine app introduced in Lithuania during the COVID-19 pandemic in spring 2020. The controller had developed the app, which was then used by the Lithuanian National Health Service. In the course of the investigation, the DPA found that during the app’s period of use, the data of a total of 677 individuals had been processed in varying degrees. The app was able to collect data such as the name, address and phone number of the data subjects. The DPA concluded that the controller had not taken sufficient technical and organizational measures to protect the data processing. Furthermore, a data protection impact assessment was not carried out, although this would have been necessary in particular because the app also processed special categories of personal data including health data. The DPA further stated that the controller had provided non-transparent and incorrect information in the app’s privacy policy. |
| Link: | link |
| Related articles: | Art. 5 (1), (2) GDPR, Art. 13 GDPR, Art. 24 GDPR, Art. 32 GDPR, Art. 35 GDPR, Art. 58 (2) f) GDPR |
| Type: | Non-compliance with general data processing principles |
| Fine: | EUR 3,000 |
| Sector | Industry and Commerce |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/