The Riga District Court upheld the decision of the State Data Inspectorate (DVI) to impose a fine of 1.2 million euros on the partly state-owned company SIA Tet, the court decision said. To date, this is the largest fine imposed by the inspection. The fine is related to the processing of personal data for the provision of the Tet+ service. According to the publicly available decision of the DVI, in August 2021 the inspectorate received information from the State Police that when applying for an agreement for the provision of electronic communications services with Tet, the personal data of a minor was used. And although the contract was not electronically confirmed and signed by the client, the data of the minor was transferred to the debt collection company, since the client did not pay for Tet+ services. As De Facto previously reported, Tet did not verify people's identities before connecting to its Tet+ service. All that was required was to submit an application online, and even before the conclusion of the contract, Tet allowed the viewing of films and TV series, and also began sending invoices. “It all started when we received information from the police that Tet had passed on to collectors information about the non-fulfillment of an agreement about a person who did not enter into this agreement,” Lasma Dilba, deputy director of the State Data Inspectorate, said about the initiation of the case. In this particular case, someone included their minor sister's first and last name and their adult sister's Social Security number on the application. Tet connected the service to such a fictitious person and began sending invoices to the specified email address. When the bills were not paid, Tet handed over data to the collection company Creditreform, including the first and last name of an underage girl, although no agreement was concluded with Tet for anyone involved. The police did not see this as a criminal offense, but the State Data Inspectorate began an investigation and made sure that Tet+ can be connected without concluding an agreement, as well as by entering children’s personal codes in the application. During the inspection carried out at the end of 2021, the inspector of the State Inspectorate also noticed that on the Tet self-service portal, if you know the personal code of a user, you can find out his other data. All that remained was to contact Tet+ by entering this personal code, and Tet would prepare an agreement, the text of which would already indicate the address, first and last name of the owner of the personal code. The company obtains this data by comparing the personal code with the data in its database. In general, the inspectorate assessed Tet’s violations as moderately serious and calculated a fine of 3.2 million euros, but for various reasons it was reduced by almost three times. Including because the company no longer uses this practice and cooperated with the inspection. As reported, Tet strongly disagreed with the audit decision. The businessman appealed the DVI decision to the Riga City Court, but in April last year the court rejected the company’s petition. Tet told Delfi that it respects the court's decision and will comply with it. “At the same time, we consider the fine imposed by the Data Inspectorate to be disproportionate and inappropriate, since no financial harm was actually caused to anyone. Regardless of the outcome of the proceedings, we will continue to improve our personal data practices as before, ensuring that our data is processed and protected users in accordance with the law and best industry practice, constantly improving the approach in the interests of our clients,” the company explained to the Delfi portal. And regarding the provision of services only on the basis of an application, and not based on the actual contract, Tet previously responded that this does not violate regulations and other market rules: Netflix, for example, does the same. However, the procedure is constantly being improved, and currently the client must confirm his identity when submitting an application. The decision of the Riga District Court is not subject to appeal and comes into force.
Tet will still have to pay a fine of 1.2 million euros for violations of the Data Regulation
0 Komentarai
Seniausi