- Increased penalties for data leak incidents
The Hamburg Data Protection Officer has seen a notable surge in administrative offense proceedings this year. Between January and July, a total of 130,000 euros in fines have been handed out in 14 such instances, as revealed by Thomas Fuchs. Contrastingly, only eight proceedings were concluded in the entire previous year, and 15 were dealt with in 2022.
The fines levied this year under the General Data Protection Regulation (GDPR) have been imposed on a variety of entities, including private individuals, corporations, and government officials. Infractions include failing to comply with deletion obligations, overlooked technical security issues in customer service systems, delayed responses from debt collection agencies, and covert recording of bathroom activities in a private setting, as per Fuchs.
Fine for clandestine bathroom recordings
A man was penalized for recording his neighbor in her bathroom without her consent. Likewise, two policemen were fined for misusing official databases for personal purposes.
A hotel was slapped with a 16,000 euro fine for collecting and retaining guest ID information without a sound legal basis. A marketing firm was fined 11,500 euros for failing to adhere to deletion obligations and having security loopholes in its IT system. A logistics company was fined 32,000 euros for improper handling of delivery lists.
The surge in administrative offense proceedings highlights a potential [security gap] in data protection, as numerous entities have been found non-compliant with deletion obligations and IT security measures. The fine imposed on a hotel for retaining guest ID information without a legal basis serves as a stark reminder of the consequences of such [security gap].
