Over one million euro fine for Yliopiston Apteekki from the Data Protection Ombudsman. Photo: Emmi Korhonen / Lehtikuva
- Previous Article Over 3,200 Finnish reservists promoted on Defence Forces’ Flag Day
- Next Article MobilePay to shift to account-based payments by default
The Finnish Data Protection Ombudsman has imposed a €1.1 million fine on Yliopiston Apteekki for violating data privacy laws by sharing sensitive customer data with external technology companies.
An investigation by the Ombudsman’s sanctions board found that the pharmacy chain used website tracking tools that passed prescription and over-the-counter medication data to Google and Meta. The breach occurred through cookies and other embedded technologies on its online store.
According to the findings, data on customer behaviour, such as adding medicines to a shopping cart or clicking purchase, was collected and shared. In some cases, this included users’ IP addresses and other identifiers that could link individuals to their online activity, particularly if they were logged into Google or Facebook at the time.
The breach affected transactions processed on Yliopiston Apteekki’s digital platform between May 2018 and September 2022.
The probe began after a doctoral researcher from the University of Turku alerted the authority to possible data protection violations.
Yliopiston Apteekki, which is owned by the University of Helsinki, stated that it stopped using Google and Meta tracking tools in September 2022.
While the pharmacy has acknowledged the timeline, it disputes the conclusions of the authority and intends to challenge the ruling in administrative court. The fine is not yet final and will be subject to judicial review.
HT
- Previous Article Over 3,200 Finnish reservists promoted on Defence Forces’ Flag Day
- Next Article MobilePay to shift to account-based payments by default
Source: www.helsinkitimes.fi
