Elkjop Fined €1.8M for Forced Consent Violation
Elkjop fined for forced consent violation under GDPR

The Elkjop group was recently fined €1.8 million by the Norwegian Data Protection Authority, Datatilsynet, for violating the General Data Protection Regulation (GDPR) by forcing customers to consent to marketing emails in order to be part of their customer club. This decision comes after a complaint was filed in 2021, highlighting the unlawful practice of bundling consent for marketing with membership benefits. The fine serves as a reminder of the importance of obtaining freely given and specific consent from individuals for data processing. The case emphasizes the need for organizations to respect the rights of individuals and adhere to the principles of data protection.

## What happened

The complaint was initially filed with the Swedish supervisory authority, Integritetsskyddsmyndigheten (IMY), but was later transferred to Datatilsynet due to the Norwegian parent company's role in the data processing. The investigation revealed that Elkjop's customer club membership was conditioned on consent to receive marketing emails, which is a violation of the GDPR's requirement for freely given consent. The company also failed to conduct a compatibility assessment before repurposing personal data for advertising and conversion tracking.

## Why it matters

The Elkjop case highlights the significance of ensuring that consent is freely given, specific, and informed. The GDPR emphasizes the importance of respecting individuals' rights and freedoms, particularly in the context of data processing. The fine imposed on Elkjop serves as a warning to organizations to prioritize data protection and adhere to the principles of transparency, accountability, and fairness.
- Increased awareness of GDPR compliance among organizations
- Emphasis on the importance of freely given and specific consent
- Protection of individuals' rights and freedoms in the context of data processing
- Potential financial burdens on organizations found to be non-compliant
- Complexity of implementing and maintaining GDPR-compliant data processing practices
- Risk of reputational damage for organizations involved in high-profile GDPR violations