GDPR: the e-merchant Vinted screened by the European Data Protection Board
The GDPR compliance of the second-hand mobile sales platform Vinted will be monitored by the French CNIL and its Lithuanian and Polish counterparts, united in a working group of the European Data Protection Board.
The Cnil specifies that verifications will be carried out “following the receipt of a significant number of complaints”. Other checks will be carried out on the data retention periods and on the procedure for blocking an account on the platform.
The main object of the EDPS' control, user complaints relate to the sending of a scanned copy of their identity card in order to validate their payment as well as subsequent ones. This procedure, called "Know Your Customer" by the Lithuanian second-hand clothing sales platform, is supposed to protect them from identity theft. The three data protection authorities will check the legality of this under the GDPR.
A European unicorn
The Vinted application created in 2008 in Lithuania and directed by Thomas Plantenga now has 45 million users, including 17 million in France. This second-hand clothing marketplace has become a European Tech champion. It announces 400,000 products for sale each day between individuals With its successive fundraising, the integration of competitors and its growing number of users, Vinted was valued at 3.5 billion euros last May.
At a time when Vinted prides itself on its virtuous circular economy model, grievances against it follow one another. In May 2021, UFC-Que Choisir launched a class action against Vinted after a formal notice remained unanswered. Under the name of "Buyer Protection", Vinted collects a commission - of around 5% of the sale price - presented as optional but in reality mandatory. There is no functionality to refuse, deactivate or delete it.
Scams and harassment
On Facebook, a group called Vinted Scam brings together 9,200 people. It relates the problems of scams encountered on the platform. To fight against the counterfeiting of branded products, Vinted has introduced specific refund conditions and an algorithm capable of identifying and blocking counterfeits. Vinted must also fight against the resale of stolen items.
Finally, the testimonies of users who have been victims of harassment on the platform are multiplying. They report photos of them wearing their clothes for sale found on dubious sites, obscene messages, tendentious comments. Vinted is accused of not effectively combating this phenomenon. In addition to compliance with the GDPR, Vinted will therefore also have to strengthen the protection of its users. Vinted wants to cooperate fully with the authorities Following the publication of this article, a spokesperson for Vinted reacted. “Vinted is mobilized on a daily basis to offer an easy-to-use, reliable and transparent platform to all those who wish to buy and sell second-hand clothes between themselves,” recalls Vinted. “In this context, we are committed to preserving the privacy of our users and protecting their personal data,” continues Vinted. “Pending formal communication from the working group, we would like to affirm our willingness to cooperate fully with the competent authorities, as we have already done with the Lithuanian Data Protection Authority by the past” concludes Vinted.
Key information on this subject
Newsletters from La Revue du Digital Find the keys to digital transformation every week
- Prev
- Next
