Restaurant operator – Fine (Germany, 2022)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A restaurant in Germany was found to have misused customer data collected for COVID-19 contact tracing by sending them promotional messages. This matters because it shows businesses must respect privacy laws even when collecting data for legal reasons.
What happened
A restaurant used customer data collected for contact tracing to send them marketing messages.
Who was affected
Restaurant visitors who provided their personal information for COVID-19 contact tracing.
What the authority found
The data protection authority found the restaurant violated privacy rules by using data for marketing without a valid legal basis.
Why this matters
This case highlights the importance of using personal data only for the purpose it was collected. Businesses should ensure they have a clear legal basis before using customer data for marketing.
GDPR Articles Cited
The DPA of Berlin has imposed a fine on a restaurant operator. During the Corona pandemic, the operator had required restaurant visitors to fill out forms with their personal data for the purpose of contact tracing as required by law. However, the controller unlawfully used the data to send promotional messages to the data subjects.
Related Enforcement Actions (1)
Other enforcement actions involving Restaurant operator in DE
Details
Fine Date
1 January 2022
Authority
Bundesbeauftragter für den Datenschutz
Enforcement Tracker ID
ETid-1867
About this data
Cite as: Cookie Fines. Restaurant operator - Germany (2022). Retrieved from cookiefines.eu
Last updated: