Company – €20,000 Fine (Germany, 2022)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A German company was fined EUR 20,000 for using a color-coded system to show employees' vaccination status in their office plan. This system made private health information visible to others, which was against privacy rules. Businesses should be careful about how they handle sensitive employee information.
What happened
The company used a color-coded system to display employees' vaccination status, making it visible to others.
Who was affected
Employees whose vaccination status was disclosed through the color-coded office plan.
What the authority found
The DPA found the company's method of sharing vaccination status unlawful because it disclosed personal health information.
Why this matters
This case highlights the importance of protecting employee health information and ensuring privacy in workplace communications. Companies should review their methods for handling sensitive data to avoid similar issues.
The DPA from Baden-Württemberg has imposed a fine of EUR 20,000 on a company. The company had developed a new office plan that took into account the vaccination status of its employees. For information purposes, the office plan showing the new occupancy was sent to the employees. Each employee was assigned a color (green, yellow or red) depending on their vaccination status. The DPA found that the color system allowed the disclosure of the vaccination status of all employees and was therefore unlawful.
Related Enforcement Actions (20)
Other enforcement actions involving Company in DE
Fine
€20K
Details
Fine Date
1 January 2022
Authority
Bundesbeauftragter für den Datenschutz
Fine Amount
€20,000
Enforcement Tracker ID
ETid-1650
About this data
Cite as: Cookie Fines. Company - Germany (2022). Retrieved from cookiefines.eu
Last updated: