Details:
| Summary | The DPA from Luxembourg (CNPD) has imposed a fine of EUR 2,800 on a company. The controller had installed location sensors on a number of cars in its fleet. The purpose of this was to protect the company’s assets, monitor the transport of goods and the drivers’ working hours, among other things. Some of the location data collected by the controller was stored for two years and four months. The DPA states that this was clearly excessive and not necessary for the purposes of the processing. The DPA considered this to be a violation of the principle of storage limitation. In addition, the DPA found that the controller had not sufficiently informed the data subjects about the processing of the location data and had thus violated its information obligations pursuant to Art. 13 GDPR. |
| Link: | link |
| Related articles: | Art. 5 (1) e) GDPR, Art. 13 GDPR |
| Type: | Non-compliance with general data processing principles |
| Fine: | EUR 2,800 |
| Sector | Not assigned |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/