Germany: GDPR fine for Police Officer
A Police Officer working in the German federal land Baden-Württemberg had to pay a GDPR fine of € 1400,-. This penalty was issued even though state owned institutions can not be fined. The new data protection law (Landesdatenschutzgesetz, LDSG) prohibits this.
The Policeman requested data about the owner of a vehicle for private purposes. He then used the obtained data to issue a automated request to recieve Personal Data, as well as the mobile phone number of the person. The Police Officer then contacted the person using the obtained phone number. He did this without official necessity and consent of the victim.
This penalty is in harmony with the law, because the Police Officer did not act on behalf of the Police office (official institution). He also did not work as an “own official institution”. As State Data Protection Officer Stefan Brick put it: “Employees of official institutions also need to obey the Data Protection Rules.” (freely translated)
Type of Issue:
Illegal data processing
Number of involved data records:
Special category of data involved:
Violation of GDPR Paragraph:
5. Principles relating to personal data processing
6. Lawfulness of processing