ResourcesMay 3, 2022Municipality of the Icelandic Capital fined for GDPR violation

The Municipality of Reykjavík has been fined nearly EUR 36,000 for violation of the GDPR. In April 2021 the Icelandic Supervisory Authority (SA) was notified that one of Reykjavík’s elementary schools was obtaining consent from parents for processing of personal data of students using the Seesaw educational system, which is an American cloud-based service. The Icelandic SA subsequently examined on its own initiative the use of the Seesaw educational system by elementary schools in Reykjavík. On December 20, 2021, the Icelandic SA concluded that the municipality of Reykjavík had breached various provisions of the GDPR using Seesaw. Following that decision, the Icelandic SA examined whether there were grounds for imposing an administrative fine. In its decision on May 3 the Icelandic SA concluded that the municipality of Reykjavík was to pay a 5.000.000 ISK fine (nearly EUR 36,000). Continue reading the announcement of the news on the EDPB website here.