A large Polish store is in trouble again. He has to pay a huge fine

Morele.net is one of the largest and most popular online stores selling consumer electronics in Poland. Since 2018, he has been involved in the case of a gigantic data leak, as a result of which the sensitive personal data of over two million of his customers were made public on the Internet.

A sudden turn in the matter of punishment for Morele.net

Due to “insufficient protection of personal data”, the Office for Personal Data Protection (UODO) imposed a fine of over PLN 2.8 million on Morele in 2019. Last year, however, this decision was annulled by the Supreme Administrative Court (NSA).

And when it seemed that the company had got out of serious financial difficulties, the Personal Data Protection Office again conducted administrative proceedings regarding the leak and imposed an even higher fine on the company.

In the second proceeding, officials proved that although a hacker attack on the store’s website contributed to the data leak, it probably would not have occurred if it were not for the fact that the popular e-commerce platform did not have appropriate security measures that could protect it against such an attack.

As it turned out, the administrator responsible for the security of the store’s customers did not encrypt some of the data, did not use appropriate authentication and did not analyze the risk related to the possibility of logging in to the platform via public networks.

All this allegedly contributed to unauthorized access to the store’s systems, which resulted in a huge leak of personal data of over 2.2 million people.

Nearly PLN 4 million fine for Morele.net

In the second explanatory proceeding, the Personal Data Protection Office imposed an even higher penalty on Morele.net than before, amounting to over PLN 3.8 million.

The UODO spokesman explained in an interview with “Rzeczpospolita” that the amount of the fine was determined on the basis of the guidelines of the European Data Protection Board, which clearly define the rules for calculating administrative fines.

Will the owners of the Morele.net store be forced to pay a record fine this time? As attorney Jakub Wezgraj explained in an interview with the daily, the road to a final resolution of this case is still long, because now it may go to the Provincial Administrative Court and then again to the Supreme Administrative Court.