Changeflow GovPing Government Apoteket and Apohem Fined for GDPR Violations
Urgent Enforcement Amended Final

Apoteket and Apohem Fined for GDPR Violations

IMY News (Sweden DPA)
Filed July 3rd, 2025
Detected February 11th, 2026
Email Set alert

Summary

The Swedish Authority for Privacy Protection (IMY) has fined Apoteket AB SEK 37 million and Apohem AB SEK 8 million for GDPR violations. The companies improperly transferred sensitive personal data to Meta via the Meta Pixel tool, failing to implement adequate protective measures.

View original document View source feed page

What changed

The Swedish Authority for Privacy Protection (IMY) has imposed administrative fines totaling SEK 45 million on Apoteket AB (SEK 37 million) and Apohem AB (SEK 8 million) for violations of the General Data Protection Regulation (GDPR). The fines stem from the companies' use of Meta Pixel on their websites, which resulted in the transfer of sensitive personal data, including information about purchases of over-the-counter medicines, to Meta. IMY found that both companies failed to implement necessary procedures and monitoring to detect and prevent these improper data transfers, which continued for an extended period.

These enforcement actions highlight the critical need for regulated entities to ensure robust data protection measures, particularly when utilizing third-party analytics tools that handle sensitive personal information. Companies must have systematic approaches to security, including ongoing monitoring of data processing activities, to comply with GDPR. Failure to do so can result in significant financial penalties. While the specific compliance deadline for rectifying the issues is not stated, the fines underscore the importance of immediate review and remediation of data transfer practices to avoid further sanctions.

What to do next

  1. Review data transfer practices involving third-party analytics tools.
  2. Ensure implementation of robust technical and organizational measures for data protection.
  3. Verify that sensitive personal data is not transferred without adequate safeguards.

Penalties

SEK 37 million fine for Apoteket AB and SEK 8 million fine for Apohem AB.

Related changes

Angus Fire PFAS Reduction Permit Consultation
Priority review Mar 07, 2026 Environment Agency Latest News Environment
Sydney Wheeler Environmental Permit Application Consultation
Routine Mar 07, 2026 Environment Agency Latest News Environment
Keepmoat Homes Environmental Permit Application Consultation
Routine Mar 07, 2026 Environment Agency Latest News Environment
Svoboda v. Amazon.com Inc. - Biometric Information Privacy Act Class Action
Priority review Mar 07, 2026 7th Circuit Court of Appeals Federal Courts
AEPD Fines ORNITOLÓGICA DE ANDALUCÍA FOA 131,801 Euros for GDPR Violation
Priority review Mar 07, 2026 AEPD Resolutions (Spain DPA) Data Protection
AEPD Archives Proceedings Against Orange Spain Regarding Portability
Priority review Mar 07, 2026 AEPD Resolutions (Spain DPA) Data Protection

Source

IMY News (Sweden DPA) imy.se/en/news
Government
Analysis generated by AI. Source diff and links are from the original.

Classification

Agency
Various
Filed
July 3rd, 2025
Instrument
Enforcement
Legal weight
Binding
Stage
Final
Change scope
Substantive

Who this affects

Applies to
Retailers Technology companies
Geographic scope
Sweden

Taxonomy

Primary area
Data Protection
Operational domain
Compliance
Topics
GDPR Online Marketing Data Transfer

Browse Categories

Federal Courts 27 State Courts 105 Securities Regulation 2 Financial Regulation 24 Consumer Protection 2 Drug Safety 15 Data Protection 10 Competition 2 Attorneys General 3 Insurance Regulation 3 Trade & Export 38 Legislation 39 Government 98 Energy Regulation 6 Environment 3 Labor & Employment 2 Tax 1

Get Government alerts

Weekly digest. AI-summarized, no noise.

Free. Unsubscribe anytime.