The data protection authority (DPA) of Lithuania levied a fine of 2.4 million euros (U.S. $2.6 million) against Vinted UAB, an online clothing trading and exchange platform, for alleged violations of the European Union’s General Data Protection Regulation (GDPR).

The penalty, issued by Lithuania’s State Data Protection Inspectorate, originated from a complaint forwarded by the French and Polish DPAs alleging violations of Articles 5 and 12 of the GDPR, the SDPI announced in a press release July 3.

The details: The case falls under criteria the European Data Protection Board adopted in July 2022 for cross-border cooperation, with a working group of DPAs in Germany, France, Poland, the Netherlands, and Spain investigating a series of GDPR complaints concerning Vinted.