Cyprus: Commissioner fines WS WiSpear Systems €925,000 for violating principle of lawful, fair, and transparent processing
The Office of the Commissioner for Personal Data Protection ('the Commissioner') published, on 12 November 2021, its decision to fine, the company, WS WiSpear Systems Ltd €925,000 for violation of the principle of legality, fairness, and transparency in Article 5(1)(a) of the the General Data Protection Regulation 2016/679 ('GDPR').
Background to the case
In connection with a criminal investigation, after recieving the findings of the investigation, the company sent a letter to the Commissioner acknowledging responsibility for violation of the principles of legality, fairness, and transparency of the GDPR. In this regard, the company had collected Media access Control addresses and International Mobile Subscriber Identity data from various devices, in the context of testing and presentation of technologies, without the knowledge of users of these devices.
Findings of the Commissioner
Furthermore, the Commissioner noted this data collected, in combination with the geographical location of devices, at different times, can lead to the identification of users of devices. As such, the Commissioner found that the collection of such data, for a substantial period of time, without the knowledge of device users constituted a violation of the principle of legality, fairness, and transparency.
Finally, the Commissioner noted that the following aggravating and mitigating factors were taken into account in the imposition of the fine:
- the company's admission to the Commissioner; and
- that no device monitoring or interception of any private communication had taken place.
You can read the press release, only available in Greek, here.