The platform is being blamed mainly for difficulties encountered by users concerning their right to data erasure.
:quality(50)/2023/07/07/64a7df4c5fe71_placeholder-36b69ec8.png)
Published
Reading time: 2 min
:quality(50)/2024/07/03/080-hl-jmbarrere-2378770-6685629e0753c149969516.jpg)
The Lithuanian Data Protection Authority, in cooperation with the CNIL, issued a fine of 2,385,276 million euros on Tuesday, July 2, against the company Vinted for several breaches targeting the platform’s users, the CNIL reported in a press release.
Since 2020, the CNIL (National Commission for Information Technology and Civil Liberties) has received numerous complaints against the company Vinted, a community online marketplace platform, mainly relating to difficulties encountered by individuals in exercising their right to data erasure.
On July 2, 2024, in cooperation with the CNIL, the Lithuanian Data Protection Authority imposed a fine of EUR 2,385,276 million on Vinted UAB for several breaches targeting users of the platform 👉https://t.co/PYOEutQSiC pic.twitter.com/mE4goLqJ1K
— CNIL (@CNIL) July 3, 2024
Since Vinted is headquartered in Lithuania, the Lithuanian Data Protection Authority was responsible for investigating this case. The French complaints were therefore forwarded to the Lithuanian authority. The CNIL states that it cooperated closely with its counterpart throughout the procedure, as well as with the other authorities concerned (Polish, Dutch and German).
Following the investigation, the Lithuanian Data Protection Authority found several breaches of the General Data Protection Regulation (GDPR) against the company Vinted. According to the investigation, the company failed to handle the erasure requests it received fairly and transparently. The company also unlawfully implemented the “stealth ban”a method that consists of making the activity of a user considered malicious (who does not respect the rules of the platform) invisible to other users, without the latter noticing, with the aim of encouraging them to leave the platform. Finally, Vinted was unable to prove that it had correctly responded to requests for access rights.
The CNIL assures that it informed the complainants of this decision. “This sanction decision reaffirms the obligation for online platforms to ensure that the rights of the persons concerned are exercised and to process their data in a fair and transparent manner.”.