HH Invest SIA, an online store, was fined by the Latvian DPA (Datu valsts inspekcija) for insufficiently informing a data subject about the processing of their data.
Overall, the Latvian DPA found that HH Invest SIA had violated Article 13 of the GDPR by failing to provide sufficient and clear information to data subjects regarding the processing of their personal data. The use of deceptive patterns such as hidden information prevented data subjects from fully understanding and controlling the processing of their personal data, in violation of the GDPR.
An online store was fined €15,000 by the DPA for violations related to personal data processing. However, the DPA took into account the store's active cooperation during the investigation and efforts to remedy the issues identified. The DPA acknowledged that the store had improved the information provided to data subjects as a result of the inspection. The store is one of the largest online stores in Latvia.
SIA “HH Invest" and Latvian DPA
Press Release 15.12.2020
Related deceptive patterns
Sneaking involves intentionally withholding or obscuring information that is relevant to the user (e.g. additional costs or unwanted consequences), often in order to manipulate them into taking an action they would not otherwise choose.
Controllers must provide identity, contact details, processing purposes and legal basis, recipient information, retention period, and data subject rights when collecting personal data.