The Danish Data Protection Agency has reported Texas Andreas Petersen A/S to the police for collecting and disclosing personal data about website visitors without a legal basis and recommends a fine of no less than DKK 200,000.
The Danish Data Protection Agency has reported the company Texas Andreas Petersen A/S to the police for collecting and disclosing personal data about website visitors on www.texas.dk without a legal basis.
In connection with a complaint, the Danish Data Protection Agency became aware that the company was collecting personal data about website visitors. During a review of the website, the Danish Data Protection Agency found that a number of cookies were used to collect and pass on information about visitors to Google and Meta.
Normally, when the Danish Data Protection Agency recommends a fine, a specific amount is set based on the nature of the case and the organisation’s turnover. The Danish Data Protection Agency has reviewed the company’s most recently published annual accounts. However, the company’s net turnover for the last financial year is not included in the annual accounts, and therefore the recommendation in this case is a fine of at least DKK 200,000.
Why report to the police?
The Danish Data Protection Agency always makes a concrete assessment of the seriousness of the case pursuant to Article 83(2) of the General Data Protection Regulation when assessing which sanction is, in the opinion of the Agency, the correct one.
In assessing the imposition of a fine, the Danish Data Protection Agency has, among other things, emphasised that the processing of personal data without a legal basis for processing personal data about potentially a large number of data subjects who have visited the website. The Danish Data Protection Agency has also emphasised that since February 2020, the Agency has articulated and provided guidance on how the data protection rules should be understood in the context of the processing of personal data about website visitors.