Inquisitive law enforcement officials seeking smartphone contact details.
Data privacy breaches and undercover surveillance: Last year, Berlin's data protection agency handed out penalties totaling over half a million euros. Privacy advocates also raise concerns about the mandatory ID check in public swimming pools.
Maintaining privacy is a top priority, and the boundary between permitted and prohibited actions is clearly set by data protection laws. The Berlin data protection agency's 2023 annual report highlights several severe infractions. Among the cases addressed by the agency, numerous fines were levied on officers who illicitly accessed personal information from law enforcement databases. There were 35 such cases initiated, leading to 32 penalties being imposed. One instance involved an officer accessing her ex-spouse's data out of personal interest. Another officer checked the database to inquire about the progress of the investigation following a break-in at their residence.
The advocates for data privacy also brought attention to two instances of inappropriate advances. In one instance, an officer spotted a woman in a supermarket parking lot and queried her license plate number in the database. The resulting private mobile number was then used to send her a message. Another officer attempted to flirt with a woman via their personal mobile phone, having obtained the number for official purposes during a police operation. The data protection agency emphasized that unofficial database queries and uses are illegal, regardless of the motivations behind them.
Heavy Fine Imposed on Bank
The most significant fine in 2023 was handed out by the data protection agency to a bank. A customer who applied for a credit card was turned down without any clear reason, leading the customer to suspect the algorithm's decision. The bank, however, refused to provide a valid explanation for the denial. When the customer filed a complaint with the data protection agency, the agency ruled in their favor due to the bank's failure to meet its transparency obligations. As a result, a fine of 300,000 euros was imposed. The report states, "When companies make automated decisions, they are obligated to justify them in a clear and understandable manner."
A fine of 215,000 euros was imposed on a company in the cultural sector. According to the data protection agencies, a manager compiled a list of employees with the intention of deciding which employees would be let go during the trial period. Personal statements regarding social and political views, mental health treatments, or the pursuit of forming a works council were recorded without the affected individuals' knowledge. This was viewed as a clear violation of data protection policies, as companies are only allowed to document performance and work behavior.
€4,000 Proposed Fine for Surveilling Interns with Hidden Wi-Fi Cameras
Data protection authorities proposed a fine of 4,000 euros against a company that surreptitiously monitored three interns for at least a month using Wi-Fi cameras hidden in power outlets. Workplace video surveillance is generally prohibited, except in rare instances, such as securing property or preventing misconduct. In 2023, the authority issued fines totaling €549,410. This amount was lower than the previous year, which saw fines amounting to €716,575 in 2022.
The authority views the mandatory ID check in some Berlin public swimming pools as a potential data privacy gray area. This measure, introduced following violent incidents, requires bathers to display their ID or passport to security staff before entering, without any data collection or storage. However, data protection advocates question whether this measure enhances security, as it fails to aid in identifying and denying entry to banned individuals due to the absence of a comparison with the ban list.
The European Union expressed concern about the mandatory ID checks in public swimming pools in Berlin, as it could potentially infringe on individuals' data privacy rights. Despite the Berlin data protection agency's stance that the ID checks do not involve data collection or storage, privacy advocates raise valid concerns about the potential misuse of this information.
Drawing attention to international obligations, the European Union emphasizes that all member states, including Germany, must uphold the highest standards of data privacy protection. This includes ensuring that data protection laws are robust, clearly defined, and strictly enforced, thereby safeguarding the rights and freedoms of all EU citizens.
