Decisions made by the data protection authority of Germany

A German restaurateur had a list on which his guests had to register in order to track possible COVID-19 infection chains. However, this contact list was open and visible to everyone. On the basis of this, the data protection authority imposed a fine of 100 euros.

A restaurateur in Germany had installed too many video cameras in his restaurant, which unlawfully captures his customers, employees and the area around the premises during opening hours. He was also unable to justify this extensive monitoring to the data protection authority.

A policeman had repeatedly used the police database for private purposes. With these queries, he wanted to get information about people around him (e.g. ex-girlfriends or neighbors) He received a fine of 600 euros due to this offense.

The call center kikXXL GmbH was commissioned by various companies from a wide variety of industries to make advertising calls. However, there was no mutual consent for this. As a result, many of those affected complained to the company. However, this did not stop the call center from continuing to make these unwanted advertising calls.

The Lower Saxony data protection authority found in investigations against the company out that it uses an outdated version of xt:Commerce, which has not been supplied with security updates since 2014. Among other things, the software still uses the hash function MD5, which has not been in line with current security standards for several years…. […]

In an unannounced on-site inspection, a German company refused access to its premises. The Bavarian State Office for Data Protection Supervision then imposed a fine of EUR 20,000. After the accused filed an objection to this fine, it was lowered to EUR 7,000.