The end of October brought in a major 525.000 EUR GDPR fine applied to Techpump Solutions S.L. Techpump Solutions is the owner of different internet domains containing adult content.
The main reason behind the fine was that the actual treatment of personal data did not correspond to the one mentioned in the company’s privacy policy. Personal data was indefinitely maintained until users specifically requested withdrawal of consent, even though they hadn’t previously given a clear affirmative approval to acquiring their data.
Furthermore, the only language in which the privacy policy was written in was English even though the company operates in Spain, a country in which English is not recognised as an official language.
Another infringement of the GDPR resulted from an absence of conditions requiring the consent of legal guardians in order for minors under the age of 14 to access relevant webpages. The company failed to make any reasonable efforts to verify that that consent is given or authorised by the holder of parental responsibility over the child.
The data processor also requested users to input additional personal data such as passport information without explaining the reason behind this out-of-the-ordinary request. The same applies to collecting users’ IP addresses without giving a reason to do so.
Last but not least, the data processor failed to provide information on the use of cookies on its applicable websites, even though they had to be accepted prior to using certain features or accessing different websites.
Written by: Briana Huști
