Details:
| Summary | The Lithuanian DPA has fined Praktiškas UAB, the operator of SportGates sports clubs, EUR 6,000. The controller had processed biometric data of customers in the context of their access to sports facilities. During its investigation, the DPA found that the customers’ consent to the processing of their biometric data could not be considered voluntary. This was because the controller did not offer the provision of any other type of information for access to the sports clubs. Nor did it provide the data subjects with information about possible alternatives for accessing the sports club. In addition, the DPA found that the controller did not provide the data subjects with sufficient information about the processing of their personal biometric data. The controller also failed to conduct a data protection impact assessment before processing the personal data. |
| Link: | link |
| Related articles: | Art. 5 (1) a) GDPR, Art. 9 (1) GDPR, Art. 13 (1), (2) GDPR, Art. 30 (1), (3) GDPR, Art. 35 (1), (3) GDPR |
| Type: | Insufficient legal basis for data processing |
| Fine: | EUR 6,000 |
| Sector | Industry and Commerce |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/