The Privacy Guarantor has fined the manager of a well-known online teaching site 200 thousand euros for violating the personal data of approximately 1 million subscribers.
It is the first time that the Authority has adopted a measure against a dating site.
The decision, taken following a complex investigation which also required an on-site inspection, revealed the unlawfulness of the processing of user data, including that relating to sexual preferences and orientations.
Registration on the platform, which has around 5 million members all over the world (of which over one million with a validated email and almost 10 thousand with active paid subscription), required the insertion of numerous data (meeting interest, country, region, city of residence, date of birth, e-mail) and photos, which customers uploaded to their public profile or reserved area, without providing them with adequate information on the use that would be made of that data.
In fact, the information on the platform did not contain any indication regarding the multiple and further treatments carried out by the company that manages the platform for the use of the services offered, nor information on the possibility for interested parties to exercise the rights provided for by the privacy legislation, including the right to lodge a complaint with the Guarantor.
The inspection carried out by the Guarantor also revealed that the owner of the site did not have a specific privacy policy on the retention times of the data processed, limiting himself to randomly deleting accounts that were no longer active, as well as unsuccessful registration requests. .
Finally, the company, despite being required to do so, had not drawn up the register of processing activities, had not appointed the data protection officer, nor prepared the impact assessment.
In consideration of the numerous violations found, the Guarantor, in addition to the financial penalty, ordered the adoption of a series of measures to strengthen the security of customer data, such as, for example, encryption measures.
Reproduction reserved © Copyright ANSA