Morele does not agree with the new punishment. We have the company’s comment
Morele.net does not agree with the decision of the Office of Personal Data Protection, which re-imposed a fine on the store for the data leak from 2018. The company announces a court battle.
In 2018, there was a large data leak from the morele.net store. Hackers gained access to sensitive data of over 2 million customers. The Personal Data Protection Office imposed a fine of PLN 2.8 million on the company, but this decision was overturned by the Supreme Administrative Court.
Despite what we have already written about, the Personal Data Protection Office does not give up on this matter. The office conducted another administrative procedure and again imposed a fine on morele.net in the amount of PLN 3.8 million. The amount is to depend on the guidelines of the European Data Protection Board, which has prepared a specific tariff for such cases. The store does not agree with this decision and announces a fight in court.
Morele.net does not agree with the decision of the Office of Personal Data Protection
In the statement sent to us, morele.net confirms that it has received the decision of the President of the Personal Data Protection Office regarding the hacker attack of 2018. However, the company does not agree with it.
The store points out that the office did not correct the key irregularity indicated by the court in the judgment overturning the original decision. No expert was appointed to prepare an objective assessment of the correctness of the security measures used in 2018.
In the Company’s opinion, the President of the Personal Data Protection Office was not entitled to impose a penalty higher than the penalty imposed in the 2019 decision. During this period, the circumstances related to the case did not change, including no aggravating circumstances. On the contrary, some of the charges against the Company were quashed by the judgment of the Supreme Administrative Court. The method of calculating the penalty used by the President of the Personal Data Protection Office was both arbitrary and unjustified by the provisions of the GDPR.
– informs morele.net.
The company announced that it would again appeal against the decision of the President of the Personal Data Protection Office. The case will go to the Provincial Administrative Court.