Germany
Unknown
—
GDPR enforcement action by Data Protection Authority of Berlin on 2021.
Case details
- Authority
- Data Protection Authority of Berlin
- Date
- 2021
- Controller / Processor
- Unknown
- Sector
- Accomodation and Hospitality
- Quoted Articles
- Unknown
- Type of violation
- Unknown
Summary
In order to combat the Covid 19 pandemic, a restaurant had put out an open list in which visitors had to enter their contact data. A restaurant employee obtained first names, last names, and phone numbers of women from the contact lists in order to contact the women privately and ask them about their relationship status, among other things. The DPA determined that the use of personal data from contact lists for infection control documentation outside of contact tracing was unlawful and therefore imposed a fine.
Open original source
Links to the regulator's original publication or another source.
Related fines
Germany
2024
45,000,000 €
ETid-2646
Vodafone GmbH
Media, Telecoms and Broadcasting
Germany
2020-10-01
35,258,708 €
ETid-405
H&M Hennes & Mauritz Online Shop A.B. & Co. KG
Employment
Germany
2024
4,113,486 €
ETid-2638
Unknown
Not assigned
Germany
2019
3,501,000 €
ETid-943
Unknown
Individuals and Private Associations
Germany
2022
2,001,000 €
ETid-1870
Unknown
Individuals and Private Associations
Germany
2022-03-03
1,900,000 €
ETid-1103
BREBAU GmbH
Real Estate