Administrative fine of €13.9 million imposed by the Czech Data Protection Authority on a company for breach of Articles 6 and 13 of GDPR
The National Center for Personal Data Protection (NCPDP), for information and enforcement purposes, reports on the administrative fine of 13.9 million euro imposed by the Czech Data Protection Authority (the Czech SA) on a company registered in the Czech Republic for violation of Article 6 (Lawfulness of processing) and Article 13 (Information to be provided where personal data are collected from the data subject) of the GDPR.
The case concerns the transfer by the controller of personal data, collected from users of its anti-virus software, to an affiliated company. The proceedings were initiated on the basis of media reports and an anonymous submission.
Following the investigation, the Czech SA found that the controller had transferred personal data of users of its anti-virus software and browser extensions to the affiliated company without a legal basis for such processing. The transferred data related to approximately 100 million users and consisted in particular of the users' pseudonymized web browsing history linked to a unique identifier. In addition, the Czech SA found that the controller had misinformed its users (the data subjects) about these transfers, claiming that the transferred data were anonymized and used exclusively for statistical sales analysis. The Czech SA further concluded that a web browsing history, even an incomplete one, may constitute personal data, because at least some of the data subjects could be re-identified from it. The controller's breach is all the more serious because it is one of the leading experts in the field of cybersecurity and provides the public with data protection and privacy tools.
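To make the Czech SA's re-identification reasoning concrete, the following is an added illustration, not code or data from the decision or from the company concerned. It uses a constructed sample of pseudonymized browsing records (invented pseudonymous identifiers and example.invalid-style URLs) and shows why a persistent unique identifier defeats pseudonymization: a single URL that carries an identity hint (a profile path, an e-mail address in a query string) is enough to attribute the entire history under that identifier to a named person. The URL patterns treated as identity hints are assumptions chosen for the illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse, parse_qs

# Constructed sample records (pseudonymous_id, visited_url); none of this is real data.
SAMPLE_RECORDS = [
    ("u-7f3a", "https://news.example/politics/article-1"),
    ("u-7f3a", "https://social.example/profile/jana.novakova"),
    ("u-7f3a", "https://health.example/conditions/diabetes"),
    ("u-9c21", "https://shop.example/cart"),
    ("u-9c21", "https://shop.example/checkout?email=petr.svoboda%40example.com"),
    ("u-9c21", "https://maps.example/search?q=Pankrac+1234"),
    ("u-0b55", "https://news.example/sports"),
    ("u-0b55", "https://weather.example/prague"),
]

# Assumed identity hints: a profile-style path segment or an e-mail query parameter.
PROFILE_PATH = re.compile(r"^/(?:profile|user|u)/([A-Za-z0-9._-]+)$")
EMAIL_PARAMS = ("email", "e-mail", "user_email")


def identity_signals(url):
    """Return the identity hints found in one URL as (kind, value) pairs."""
    parts = urlparse(url)
    hints = []
    match = PROFILE_PATH.match(parts.path)
    if match:
        hints.append(("profile", match.group(1)))
    query = parse_qs(parts.query)  # percent-decodes values, so %40 becomes @
    for key in EMAIL_PARAMS:
        for value in query.get(key, []):
            hints.append(("email", value))
    return hints


def link_histories(records):
    """Group URLs by pseudonymous id and propagate any identity hint to the whole group.

    The linkage is the point: once one URL in a group names a person, every other
    URL under the same identifier (health pages, locations) is attributed to them.
    """
    by_id = defaultdict(list)
    for pseudonymous_id, url in records:
        by_id[pseudonymous_id].append(url)
    linked = {}
    for pseudonymous_id, urls in by_id.items():
        hints = []
        for url in urls:
            hints.extend(identity_signals(url))
        linked[pseudonymous_id] = {
            "urls": urls,
            "identity": hints,
            "reidentified": bool(hints),
        }
    return linked


def reidentified_fraction(records):
    """Share of pseudonymous identifiers for which at least one URL reveals identity."""
    linked = link_histories(records)
    hit = sum(1 for entry in linked.values() if entry["reidentified"])
    return hit / len(linked) if linked else 0.0


if __name__ == "__main__":
    for pid, entry in link_histories(SAMPLE_RECORDS).items():
        status = "re-identified via %s" % entry["identity"] if entry["reidentified"] else "not re-identified"
        print(pid, status, "->", len(entry["urls"]), "URLs attributed")
    print("fraction of identifiers re-identified:", reidentified_fraction(SAMPLE_RECORDS))
```

Note that two of the three constructed identifiers are re-identified even though the URLs themselves were never labelled with a name; removing the persistent identifier (so that each URL stands alone) is what would stop the health and location URLs from being attached to a person, which is why the Czech SA treated identifier-linked history as personal data rather than anonymous statistics.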
An administrative fine of €13.9 million (CZK 351 million) was imposed on the data controller. The decision is final and enforceable.
The NCPDP, as the national supervisory authority for the processing of personal data, emphasizes the responsibility of data controllers to comply with the legal framework for the protection of personal data and to ensure that their processing operations comply with the applicable legislation.