Germany: DSGVO fine for police officer
A police officer in Baden-Württemberg had to pay a GDPR fine of €1,400, even though public bodies are not allowed to be fined according to the State Data Protection Act (LDSG).
The police officer queried the Central Traffic Information System for the owner data of a motor vehicle belonging to a private acquaintance without any official connection. He used the data obtained there to conduct an automated query with the Federal Network Agency. In the process, he obtained personal data as well as the telephone number of the injured party. He used this phone number to make contact. He did so without any official reason or the permission of the person concerned.
This punishment is in accordance with the law, since the police officer had not acted on behalf of his department (the department, as mentioned above, cannot be punished) and the police officer did not act as a “separate public body”. As the state’s data protection commissioner, Stefan Brick, cautioned, “Employees of public agencies must also comply with applicable data protection rules.”
Art des Verstoßes:
Illegal data processing
Waren sensible Daten betroffen?:
Violation of GDPR Paragraph:
5. Principles relating to personal data processing
6. Lawfulness of processing