A restaurateur in Germany had installed too many video cameras in his restaurant, which unlawfully captures his customers, employees and the area around the premises during opening hours. He was also unable to justify this extensive monitoring to the data protection authority.
Police database abused for private purposes
A policeman had repeatedly used the police database for private purposes. With these queries, he wanted to get information about people around him (e.g. ex-girlfriends or neighbors) He received a fine of 600 euros due to this offense.
advertising calls without consent
The call center kikXXL GmbH was commissioned by various companies from a wide variety of industries to make advertising calls. However, there was no mutual consent for this. As a result, many of those affected complained to the company. However, this did not stop the call center from continuing to make these unwanted advertising calls.
Online shop with outdated software
The Lower Saxony data protection authority found in investigations against the company out that it uses an outdated version of xt:Commerce, which has not been supplied with security updates since 2014. Among other things, the software still uses the hash function MD5, which has not been in line with current security standards for several years…. […]
unlawful submissions to general practitioners
After a report on the abortion of a patient was mistakenly sent to a general practitioner, although she expressly disagreed with it, the Italian data protection authority started investigating the healthcare company. As the investigations revealed, the data breach was caused by a software failure that was used to manage patient data. A total of… […]
dentist refuses examination
A dentist in Italy has made an anamnesis bow with questions about infectious diseases a condition for an examination in his practice. However, since the affected person has an existing HIV infection, the doctor refused to treat him. According to the Italian authorities, this is a violation of the principles of legality and transparency. In… […]
Company refuses access to data protection authority
In an unannounced on-site inspection, a German company refused access to its premises. The Bavarian State Office for Data Protection Supervision then imposed a fine of EUR 20,000. After the accused filed an objection to this fine, it was lowered to EUR 7,000.
DSB-D122.970/0004-DSB/2019, Deletion of a Pseudonymous User Profile
In its decision of 8.11.2019, GZ: DSBD122.970/0004-DSB/2019 (RIS), DSB had to deal with the processing of pseudonymised data (Art. 4 (5) GDPR). The complainant had created a user profile with the provider of an Internet small ad portal. The user profile used only a (freely choosable) username and an e-mail address as a “unique identifier”…. […]
Data protection warnings defused in Germany
Even before GDPR, many german lawyers sent out chargeable warning letters about small mistakes. With this law, the German federal government wants to protect small businesses and online shops in particular from high cost due to chargeable warning letters. Websites suffered automatic crawling to find minimal errors in the imprint or data protection notices. Chargeable… […]