The Lithuanian data protection authority has imposed a fine of more than 2.3 million euros on Vinted, a second-hand specialist, following complaints filed in France. The National Commission for Information Technology and Civil Liberties (CNIL) revealed in a press release that the fine of 2,385,276 euros was a result of numerous complaints filed in France in 2020 against the Lithuania-based company. These complaints were mainly about the difficulties individuals faced in exercising their right to erasure of data.
Vinted expressed disagreement with the decision and stated that it has no legal basis and sets a new precedent beyond current legislation and industry practices. The company plans to appeal the decision. Vinted reassured its members that the cases mentioned by the Lithuanian Data Protection Authority were not related to the security of their accounts or any misuse of their personal data. The platform takes privacy protection and GDPR compliance seriously.
Among the failings noted by the CNIL was that the platform did not process requests for deletion of users’ personal data in a fair and transparent manner. Vinted also implemented a “stealth ban” system that was considered to excessively infringe on users’ rights. Additionally, the platform was unable to demonstrate that it had properly responded to requests for access to customers’ personal data.
Vinted, created in Vilnius in 2008, is a platform accessible via a mobile application or Internet browser with over 100 million members worldwide. It became profitable for the first time in 2023, employing more than 2,000 people, primarily in Lithuania. In response to this issue, Vinted plans to cooperate with authorities in Poland, the Netherlands, and Germany as indicated by the CNIL.
