Thank You

You are now registered for our Rouse Insights Newsletter

Swedish trading company faces million euro fine for using Meta pixel

Published on 19 Jul 2024 | 2 minute read

In a nutshell 

Swedish company in advertently transfers data of up to a million people to Meta. Significant fine imposed. 

The background 

Swedish banking and trading provider, Avanza,  was using a so-called Meta pixel on its website and mobile app. This resulted in a transfer of information to Meta, which included amongst other things customer’s securities holdings and values, loan amounts, account numbers and personal identification numbers. When discovered, Avanza reported this incident to the Swedish Authority for Privacy Protection (hereinafter “IMY”). However this was not a one-time occurrence, Avanza had been transferring this information to Meta for a long period of time due to incorrect settings. According to Avanza’s report, personal data up to one million individuals were incorrectly transferred to Meta between November 2019 and June 2021.  

IMY’s investigation of the incident reveals that Avanza used Meta’s analytics tool, the Facebook pixel (now Meta pixel) on both its website and on the mobile app in order to optimize the company’s marketing on Facebook. The incorrect transfer of personal data was caused by the company mistakenly activating new sub-functions in the Meta pixel. When Avanza became aware of the incident, the company deactivated the Meta pixel and Meta confirmed that the personal data collected had been deleted. 

According to IMY, Avanza had violated the GDPR by failing to implement appropriate technical and organisational measures to ensure an adequate level of security for the personal data of its website visitors and mobile app users.  

Avanza was given an administrative fine of around 1,5 million Euros.  

The takeaways 

  • This decision highlights the importance of implementing sufficient technical and organisational measures to comply with the GDPR requirements of adequate level of security for personal data.  
  • As this incident was discovered after a long period of time, we recommend companies monitor the inhouse technical and organizational measures on a regular basis in order to discover potential deficiencies and hopefully prevent incidents such as this from occurring.   

Read more: Brott mot banksekretessen gav 15 miljoner i sanktionsavgift - Forum för Dataskydd (dpforum.se) 

Questions? 

For any questions about this case or data protection queries generally, please contact My Mattson or Frida Holmer.

30% Complete
Senior Associate
+46 (0) 70 233 62 62
Associate, Attorney at Law
+46 076 0107192
Senior Associate
+46 (0) 70 233 62 62
Associate, Attorney at Law
+46 076 0107192