German watchdog fines two companies over personal data transaction – Out

Posted on by News4Me

Das Bayerische Landesamt für Datenschutzaufsicht, the data protection authority (DPA) for the state of Bavaria, said it had fined two companies for their failure to adhere to data protection laws when they struck a deal for the sale and purchase of customer email addresses.

The fines levied were unspecified but were each at a five-figure level, it said.

The watchdog said that it is aware of cases where companies have transferred their ownership of customer data to other businesses. It said that this presents a compliance issue where the data concerns not just basic names and address details but additional data such as contact information, account and payment card details and transaction histories of individual customers.

It said it has become aware of the trade in this information as a result of receiving complaints from customers about unsolicited marketing communications they have received.

Businesses need to ensure they have customers’ consent to the transfer of their data between companies, or have at least been made aware of the planned data transfer arrangement and given a right to object to that transfer, the Bavarian watchdog said.

“Companies and liquidator must be aware that personal customer data may not be sold like any commodity,” president of the Bavaria DPA Thomas Kranig said.

Munich-based technology law expert Marc Holtorf of Pinsent Masons, the law firm behind Out-Law.com, said that companies should check how asset deals are structured before entering into them.

“Selling personalised customer data by way of an asset deal might not be the best approach,” Holtorf said. “The decisions rendered by the Bavarian DPA underpin the trend that data protection compliance is increasingly becoming one of the major drivers for larger projects. This is true when the project is about selling customer data but also when it comes to the structuring of larger MA transactions, especially when the target is active in the private end consumer market.”

Bavaria’s DPA said that businesses that acquire customer email address and phone numbers and plan to use the information for advertising purposes need the “express consent” of consumers to do so. Failure to obtain this consent is a breach of both German data protection laws and laws against unfair competition, it said.

Holtorf said that the German Law Against Unfair Competition enables a variety of third parties, including competitors, business and consumer protection organisations, to request and enforce the cessation of an illegal use of personalised customer data.

Businesses that use data illegally obtained from another company to contact consumers for marketing purposes risk being fined up to €300,000, Bavaria’s DPA said.

This entry was posted in EN and tagged by News4Me. Bookmark the permalink.

About News4Me

Globe-informer on Argentinian, Bahraini, Bavarian, Bosnian, Briton, Cantonese, Catalan, Chilean, Congolese, Croat, Ethiopian, Finnish, Flemish, German, Hungarian, Icelandic, Indian, Irish, Israeli, Jordanian, Javanese, Kiwi, Kurd, Kurdish, Malawian, Malay, Malaysian, Mauritian, Mongolian, Mozambican, Nepali, Nigerian, Paki, Palestinian, Papuan, Senegalese, Sicilian, Singaporean, Slovenian, South African, Syrian, Tanzanian, Texan, Tibetan, Ukrainian, Valencian, Venetian, and Venezuelan news

Leave a Reply