After data protection violation by 1&1, the fine has now been reduced

After the company 1&1 was fined 9.6 million euros for violations of the General Data Protection Regulation (GDPR), the regional court has now reduced the fine.

Telephone number disclosed!

In 2018, the company had an incident that resulted in the multi-million fine against 1&1. A stalker called the 1&1 hotline to find out the new cell phone number of her ex-husband. After giving the first name and surname as well as the date of birth, she was given the number. The number should not have been disclosed under any circumstances. The Federal Commissioner for Data Protection, Ulrich Kelber, then imposed a fine of millions of euros, as the actions of 1&1 violated Art. 32 GDPR. Kelber called the company's procedure “lax”. According to 1&1, however, this was an individual case and not a systemic problem. The company nevertheless conceded the violation of the General Data Protection Regulation, even if in its opinion the penalty was disproportionately high. For the processing of personal data, the GDPR stipulates that suitable technical and organizational measures must be taken to protect the data from unauthorized persons. This requirement was violated by the disclosure of the telephone number.

Penalty for 1&1 no longer amounts to several million!

After 1&1 had contested the amount of the fine, a decision has now been made. The Bonn Regional Court also considers the fine imposed to be disproportionate. Although the Regional Court has found the company guilty of violating the General Data Protection Regulation, the fine has been reduced. The fine is now no longer 9.6 million euros, but only 900,000 euros. This was decided by the court yesterday. The company is at fault, but the violation can only be classified as minor, according to the Regional Court in Bonn. The violation did not lead “to the mass release of data to non-authorized persons”, so it is a minor violation of the GDPR by 1&1. The company lacked awareness of the problem, as it had used its authentication practice for years and no complaints had been made so far.

Confirmation of the decision

The Federal Data Protection Commissioner Ulrich Kelber sees the decision of the Regional Court as confirmation of the violation and of his decision. The authority announced yesterday that the court had followed the opinion of the BfDI on the essential points. The decision should also make clear that violations of the GDPR are not simply accepted and have consequences. Kelber added to the decision: “I am convinced that this decision will be noticed by companies on the executive floors” and “I am still waiting for the written reasons for the decision, but it is already clear: no company can afford to neglect data protection any longer”. Companies must therefore prepare themselves and review their measures and their compliance with the GDPR. After two years, the supervisory authorities are now increasingly concerned with the proper implementation of the General Data Protection Regulation.

Simon Lüthje

I am co-founder of this blog and am very interested in everything that has to do with technology, but I also like to play games. I was born in Hamburg, but now I live in Bad Segeberg.
