Summary Final Decision Art 60
Complaint
Infringement of the GDPR
Background information
Date of final decision: 19 February 2020
LSA: DE-Berlin
CSAs: AT, BE, DE, ES, FR, IE, PL, PT, UK
Controller: Sandbox Interactive GmbH
Legal Reference: Transparency (Article 12), Right to erasure (Article 17)
Decision: Infringement of the GDPR, Reprimand
Key words: Right to erasure, User account, Identity
Summary of the Decision
Origin of the case
The complainant requested to have his player account deleted from the controller database of the online game he had previously bought. The controller requested additional information in order to process the erasure request, which it eventually granted nine months after the complainant’s request and after being notified by the Berlin DPA.
Findings
The LSA found that the complainant requested to have his account deleted via the support function of his account, after logging in using his registration data. Although the controller may only request additional information in case of reasonable doubt regarding the identity of the natural person, the controller, in this case, did not explain why he had doubts regarding the complainant’s identity. Hence, the request for additional data was not only unnecessary, but also made it more difficult for the complainant to exercise his right to erasure. Furthermore, the LSA found that not only the controller did not inform the complainant about whether they are processing the erasure request or if there is an extension of the deadline imposed by the GDPR, but also granted the erasure request with a significant delay after the end of the legal deadline.
Following the LSA’s inquiry, the controller modified his process for the deletion of user accounts.
Decision
The LSA found that the controller did not comply with his obligations under the GDPR and issued a reprimand.
—
This text has been converted automatically from the PDF available via
https://edpb.europa.eu/our-work-tools/consistency-findings/register-for-article-60-final-decisions_en
using Apache Tika to allow for a better search. This might result in some characters being mangled.
Please see the original file for the official wording at
https://edpb.europa.eu/sites/edpb/files/article-60-final-decisions/summary/publishable_de-berlin_2020-02_article_16_summarypublic.pdf
Please see also EDPB Copyright page