
Danish bottle-return app criticized for data law breach
The Danish Data Protection Agency has issued severe criticism towards Dansk Retursystem for its bottle-return app collecting excessive personal information from users, violating GDPR. The issue arose in 2022 when the app processed details such as users’ accounts, balances, and bank loans. An inquiry found the app retrieved account details to refund money accurately but also could access users’ transaction histories and identities. Despite Dansk Retursystem not directly receiving this personal data, it remains responsible for its app’s legal compliance, according to the Danish Data Protection Agency. Outsourcing app development does not exempt companies from their GDPR responsibilities. The Danish Data Protection Agency mandates that Dansk Retursystem must comply with data protection regulations by January 2, 2025. This decision implies that other companies using third-party developed apps must also take action.