Lithuania fines Vinted $2.6M for mishandling user data, following complaints from France and Poland. The company denies the charges and plans to appeal, arguing the fine exceeds current legislation and industry standards.
The Lithuanian data protection authority fined Vinted nearly €2.4M ($2.6M) for violating customer data protection rights. Complaints came from France and Poland about how the company managed personal data. The Lithuanian State Data Protection Inspectorate (SDPI) charged Vinted with improper implementation of data protection principles. The SDPI stated this negatively affected users' rights under GDPR.
Complaints were filed from France, Poland, the Netherlands, and Germany. Issues included difficulties deleting private data and "stealth banning" users without their knowledge. The SDPI found Vinted breached several GDPR articles and hid additional transaction costs. French consumer protection authority CNIL highlighted these concerns in their findings.
Vinted disputed the fines, stating, "We fundamentally disapprove of this decision." The company argued the ruling has "no legal basis" and sets a precedent beyond current legislation and industry practices. Vinted claimed the fines exceeded what is standard in the industry and current legislation.
The SDPI considered Vinted's international reach, the extensive impact of the breaches on users, and the prolonged duration of violations when setting the €2.4M fine. Vinted announced plans to appeal the ruling, arguing that the fine is excessive and unsupported by existing laws. The outcome of the appeal will be closely watched by industry stakeholders and consumer protection authorities.
Do you think the fine against Vinted is fair?
Each week we select most important sector news and statistic
so that you can be up to speed