Restaurant operator – €50,000 Fine (Germany, 2022)

€50,000Bundesbeauftragter für den Datenschutz1 January 2022Germany
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

A restaurant operator in Germany was fined €50,000 for using customer email addresses collected for COVID-19 contact tracing to send promotional emails without proper consent. This matters because it shows businesses must be clear about how they use customer data.

What happened

The restaurant operator used email addresses collected for contact tracing to send marketing emails without proper consent.

Who was affected

Restaurant visitors who provided their email addresses for contact tracing and were later sent promotional emails.

What the authority found

The DPA found that the restaurant operator did not meet the requirements for obtaining effective consent for marketing, violating GDPR rules.

Why this matters

This case highlights the importance of transparency and proper consent when collecting and using customer data. Businesses should clearly inform customers about data use and respect their rights to withdraw consent.

GDPR Articles Cited

Art. 5 GDPR
Art. 6 GDPR
Germany enforcementBundesbeauftragter für den Datenschutz actionsAll Restaurant operator actions
Full Legal Summary
Detailed

The DPA of Brandenburg has imposed a five-figure fine on a restaurant operator. During the Corona pandemic, the operator had required restaurant visitors to fill out forms with their name, address, telephone number and e-mail address for the purpose of contact tracing as required by law. However, there was no legal requirement to collect the e-mail address. Visitors were further required to check a box stating that they agreed to be contacted by the restaurant. However, the restaurant subsequently used the email addresses to send a promotional newsletter. During its investigation, the DPA found that the processing of the email address for advertising purposes was unlawful due to the fact that the requirements for giving effective consent were not met. After all, it was not clear to the data subjects that the restaurant intended to use the e-mail address for advertising purposes. The restaurant operator also failed to inform the data subjects of their right to withdrawal.

Related Enforcement Actions (1)

Other enforcement actions involving Restaurant operator in DE

Fine
Jan 2022· Bundesbeauftragter für den Datenschutz

The DPA of Berlin has imposed a fine on a restaurant operator. During the Corona pandemic, the operator had required restaurant visitors to fill out f...

Current
Jan 2022

Fine

€50K

Details

Fine Date

1 January 2022

Authority

Bundesbeauftragter für den Datenschutz

Fine Amount

€50,000

Enforcement Tracker ID

ETid-1795

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Restaurant operator - Germany (2022). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: