Unknown – Order (Germany, 2021)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A restaurant in Germany faced an order after an employee misused visitor contact information collected for COVID-19 tracking. This is important because it shows that companies must use personal data only for its intended purpose. Businesses should be careful about how they handle customer information to avoid legal trouble.
What happened
A restaurant employee used visitor contact information from COVID-19 tracking for personal reasons.
Who was affected
Visitors who provided their contact information for health tracking were affected.
What the authority found
The German DPA found that the employee's use of personal data for private purposes was unlawful.
Why this matters
This case underscores the importance of using personal data only for its intended purpose. Companies should train their staff on proper data handling to prevent misuse.
In order to combat the COVID-19 pandemic, a cemetery had put out an open list in which visitors had to enter their contact data. A cemetery employee obtained first names, last names, and phone numbers of women from the contact lists in order to contact the women privately and ask them about their relationship status, among other things. The DPA determined that the use of personal data from contact lists for infection control documentation outside of contact tracing was unlawful and therefore imposed a fine.
Outcome
Order
A binding order requiring the controller to take specific action.
Details
Order Date: 1 January 2021
Authority: Bundesbeauftragter für den Datenschutz
Enforcement Tracker ID: ETid-1211
About this data
Cite as: Cookie Fines. Unknown - Germany (2021). Retrieved from cookiefines.eu