ITZBund – Violation Found (Germany, 2023)

Violation Found
Bundesbeauftragter für den Datenschutz27 January 2023Germany
final
Violation Found

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Germany's data protection authority found that using Cloudflare for a government website led to unlawful data transfers. This included sharing details like IP addresses and browser information without proper safeguards. This case shows the risks of using third-party services without ensuring GDPR compliance.

What happened

The use of Cloudflare for a government website resulted in unlawful data transfers, including IP addresses and browser details.

Who was affected

Individuals accessing the Census2022 website were affected by the data transfers.

What the authority found

The data protection authority found that the data transfers violated GDPR rules on international data transfers.

Why this matters

This finding highlights the importance of ensuring third-party services comply with GDPR, especially when handling sensitive data. Website operators should carefully assess their service providers to avoid similar violations.

GDPR Articles Cited

Art. 58(2)(b) GDPR
Germany enforcementBundesbeauftragter für den Datenschutz actionsAll ITZBund actions
Full Legal Summary
Detailed

he responsible party or processor used Cloudflare to secure the website for the Census2022. The DPA believes that the transmission of data, in particular. - Date and time of access, - name of the requested file, - web page from which the file was requested, - access status {e.g. e.g. file transferred, file not found), - the web browser used and the operating system, - the lp address of the requesting device, - online identifiers (e.g. device identifiers, session lDs}. Unlawful and a violation of Art. 44 GDPR.

Outcome

Violation Found

The DPA found a violation but did not impose a fine.

Related Enforcement Actions (0)

No other enforcement actions found for ITZBund in DE

This is the only recorded action for this entity in this jurisdiction.

Details

Decision Date

27 January 2023

Authority

Bundesbeauftragter für den Datenschutz

GDPRhub ID

gdprhub-6077

Sources

About this data

Data: GDPRhub (noyb.eu)
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. ITZBund - Germany (2023). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: