Pandora A/S must ask customers to submit government-issued identification with data deletion requests only when individual circumstances warrant, not routinely, Denmark’s data regulator said Dec 3.
The jewelry company required a copy of a passport, driver’s license or national identification card before it would consider a request for personal data deletion, according to a complaint by a British customer of the Denmark-based company. Pandora’s procedure is inconsistent with the European Union’s General Data Protection Regulation, which requires reasonable doubt about an identity before identification demands can be made, Denmark’s Data Protection Agency said.
“When it comes to the rights of ...
Learn more about Bloomberg Law or Log In to keep reading:
Learn About Bloomberg Law
AI-powered legal analytics, workflow tools and premium legal & business news.
Already a subscriber?
Log in to keep reading or access research tools.