ARTICLE
1 August 2024

Swedish Trading Company Faces Million Euro Fine For Using Meta Pixel

R
Rouse

Contributor

Rouse logo
Rouse is an IP services business focused on emerging markets. We operate as a closely integrated network to provide the full range of intellectual property services, from patent and trade mark protection and management to commercialisation, global enforcement and anti-counterfeiting.
Explore
Swedish company in advertently transfers data of up to a million people to Meta. Significant fine imposed. Swedish banking and trading provider, Avanza, was using a so-called Meta pixel on its website and mobile app.
Sweden Privacy
Photo of My Mattsson
Photo of Frida Holmér (née Siverall)
Authors
To print this article, all you need is to be registered or login on Mondaq.com.

In a nutshell

Swedish company in advertently transfers data of up to a million people to Meta. Significant fine imposed.

The background

Swedish banking and trading provider, Avanza, was using a so-called Meta pixel on its website and mobile app. This resulted in a transfer of information to Meta, which included amongst other things customer's securities holdings and values, loan amounts, account numbers and personal identification numbers. When discovered, Avanza reported this incident to the Swedish Authority for Privacy Protection (hereinafter "IMY"). However this was not a one-time occurrence, Avanza had been transferring this information to Meta for a long period of time due to incorrect settings. According to Avanza's report, personal data up to one million individuals were incorrectly transferred to Meta between November 2019 and June 2021.

IMY's investigation of the incident reveals that Avanza used Meta's analytics tool, the Facebook pixel (now Meta pixel) on both its website and on the mobile app in order to optimize the company's marketing on Facebook. The incorrect transfer of personal data was caused by the company mistakenly activating new sub-functions in the Meta pixel. When Avanza became aware of the incident, the company deactivated the Meta pixel and Meta confirmed that the personal data collected had been deleted.

According to IMY, Avanza had violated the GDPR by failing to implement appropriate technical and organisational measures to ensure an adequate level of security for the personal data of its website visitors and mobile app users.

Avanza was given an administrative fine of around 1,5 million Euros.

The takeaways

  • This decision highlights the importance of implementing sufficient technical and organisational measures to comply with the GDPR requirements of adequate level of security for personal data.
  • As this incident was discovered after a long period of time, we recommend companies monitor the inhouse technical and organizational measures on a regular basis in order to discover potential deficiencies and hopefully prevent incidents such as this from occurring.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Photo of My Mattsson
My Mattsson
Photo of Frida Holmér (née Siverall)
Frida Holmér (née Siverall)
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More