🔍 Investigation and Findings
The Lithuanian data protection authority fined Vinted nearly €2.4M ($2.6M) for violating customer data protection rights. Complaints came from France and Poland about how the company managed personal data. The Lithuanian State Data Protection Inspectorate (SDPI) charged Vinted with improper implementation of data protection principles. The SDPI stated this negatively affected users' rights under GDPR.
💼 Complaints and Violations
Complaints were filed from France, Poland, the Netherlands, and Germany. Issues included difficulties deleting private data and "stealth banning" users without their knowledge. The SDPI found Vinted breached several GDPR articles and hid additional transaction costs. French consumer protection authority CNIL highlighted these concerns in their findings.
⚖️ Vinted's Response
Vinted disputed the fines, stating, "We fundamentally disapprove of this decision." The company argued the ruling has "no legal basis" and sets a precedent beyond current legislation and industry practices. Vinted claimed the fines exceeded what is standard in the industry and current legislation.
📅 Next Steps
The SDPI considered Vinted's international reach, the extensive impact of the breaches on users, and the prolonged duration of violations when setting the €2.4M fine. Vinted announced plans to appeal the ruling, arguing that the fine is excessive and unsupported by existing laws. The outcome of the appeal will be closely watched by industry stakeholders and consumer protection authorities.
Do you think the fine against Vinted is fair?
