Germany
Restaurant
170 €
GDPR enforcement action by Data Protection Authority of Hessen on 2021.
Rank · Sector
#100
of 100 in Accomodation and Hospitality
Rank · Germany
#114
of 116
Rank · All fines
#3,035
of 3,050
Case details
- Authority
- Data Protection Authority of Hessen
- Date
- 2021
- Controller / Processor
- Restaurant
- Sector
- Accomodation and Hospitality
- Quoted Articles
- Art. 5 (1) b) GDPR
- Type of violation
- Non-compliance with general data processing principles
Summary
In order to identify a guest who had not paid, several visitors were contacted by employees of a restaurant. For this purpose, the telephone numbers provided by the guests as part of the Covid contact tracing tracing were used. Since the guests had provided their data solely for infection control purposes, the DPA considered the contacting for the purpose of identifying the guest to be a violation of the principle of purpose limitation (Art. 5 (1) b) GDPR).
Open original source
Links to the regulator's original publication or another source.
Related fines
Germany
2024
45,000,000 €
ETid-2646
Vodafone GmbH
Media, Telecoms and Broadcasting
Germany
2020-10-01
35,258,708 €
ETid-405
H&M Hennes & Mauritz Online Shop A.B. & Co. KG
Employment
Germany
2024
4,113,486 €
ETid-2638
Unknown
Not assigned
Germany
2019
3,501,000 €
ETid-943
Unknown
Individuals and Private Associations
Germany
2022
2,001,000 €
ETid-1870
Unknown
Individuals and Private Associations
Germany
2022-03-03
1,900,000 €
ETid-1103
BREBAU GmbH
Real Estate