HmbBfDI (Hamburg) - Vattenfall Europe Sales GmbH: Difference between revisions
(Changed summary for newsletter, restructured the facts/holding to better reflect the Hamburg DPA's short report and make them easier to follow.) |
No edit summary |
||
(3 intermediate revisions by 2 users not shown) | |||
Line 50: | Line 50: | ||
}} | }} | ||
The | The Hamburg DPA fined Vattenfall Europe, an energy provider, €901,388 for violating Articles 12 and 13 GDPR by not informing their customers of data reconciliation sufficiently. | ||
== English Summary == | == English Summary == | ||
=== Facts === | === Facts === | ||
Vattenfall Europe Sales GmbH offered special contracts that were linked to special bonus payments to its customers. The company routinely reviewed contract enquiries linked to these offers to see whether | Vattenfall Europe Sales GmbH offered special contracts that were linked to special bonus payments to its customers. The company routinely reviewed contract enquiries linked to these offers to see whether customers exhibited "behaviour conspicuous for switching". Vattenfall used invoices from previous contractual relationships with around 500,000 customers to check this, thus effectively matching this information to the data gathered from the enquiries. The purpose of this was to avoid these deals, which primarily existed to attract new customers, from becoming unprofitable. | ||
Neither first time nor existing customers were adequately informed of this data reconciliation and its ultimate purpose. | |||
=== Holding === | === Holding === | ||
The inquiry did not deal with the question whether the data reconciliation was permissible. The €901,388 fine was only imposed for not sufficiently informing the customers about | The inquiry did not deal with the question whether the data reconciliation was permissible. The €901,388 fine was only imposed for not sufficiently informing the customers about this processing activity. | ||
The Hamburg Commissioner for Data Protection and Freedom of Information held that the fine was appropriate because of the large number of affected customers, but should be reduced in light of the cooperation by the company and because it stopped the non-transparent data reconciliation immediately after the first action by the DPA. | The Hamburg Commissioner for Data Protection and Freedom of Information held that the fine was appropriate because of the large number of affected customers, but should be reduced in light of the cooperation by the company and because it stopped the non-transparent data reconciliation immediately after the first action by the DPA. |
Latest revision as of 07:54, 14 October 2021
HmbBfDI (Hamburg) - Vattenfall Europe Sales GmbH | |
---|---|
Authority: | HmbBfDI (Hamburg) |
Jurisdiction: | Germany |
Relevant Law: | Article 12 GDPR Article 13 GDPR |
Type: | Investigation |
Outcome: | Violation Found |
Started: | |
Decided: | |
Published: | 24.09.2021 |
Fine: | 901389 EUR |
Parties: | n/a |
National Case Number/Name: | Vattenfall Europe Sales GmbH |
European Case Law Identifier: | n/a |
Appeal: | Not appealed |
Original Language(s): | German |
Original Source: | datenschutz-hamburg.de (in DE) |
Initial Contributor: | n/a |
The Hamburg DPA fined Vattenfall Europe, an energy provider, €901,388 for violating Articles 12 and 13 GDPR by not informing their customers of data reconciliation sufficiently.
English Summary
Facts
Vattenfall Europe Sales GmbH offered special contracts that were linked to special bonus payments to its customers. The company routinely reviewed contract enquiries linked to these offers to see whether customers exhibited "behaviour conspicuous for switching". Vattenfall used invoices from previous contractual relationships with around 500,000 customers to check this, thus effectively matching this information to the data gathered from the enquiries. The purpose of this was to avoid these deals, which primarily existed to attract new customers, from becoming unprofitable.
Neither first time nor existing customers were adequately informed of this data reconciliation and its ultimate purpose.
Holding
The inquiry did not deal with the question whether the data reconciliation was permissible. The €901,388 fine was only imposed for not sufficiently informing the customers about this processing activity.
The Hamburg Commissioner for Data Protection and Freedom of Information held that the fine was appropriate because of the large number of affected customers, but should be reduced in light of the cooperation by the company and because it stopped the non-transparent data reconciliation immediately after the first action by the DPA.
Comment
Share your comments here!
Further Resources
Share blogs or news articles here!
English Machine Translation of the Decision
The decision below is a machine translation of the German original. Please refer to the German original for more details.
Fine imposed on Vattenfall Europe Sales GmbH Fine imposed on Vattenfall Europe Sales GmbH 09/24/2021 Between August 2018 and December 2019, Vattenfall Europe Sales GmbH (Vattenfall) routinely checked contract inquiries for special contracts that were associated with special bonus payments to determine whether the customers displayed "behavior that was conspicuous to change". This check was intended to prevent customers from concluding such bonus contracts so regularly that this offer to attract new customers is no longer profitable for the company. To check this, Vattenfall used invoices from previous contractual relationships with these customers, which according to tax and commercial law must be kept for up to ten years anyway. It was not evident to the customers that such a data comparison was taking place. After examining the process, the Hamburg Commissioner for Data Protection and Freedom of Information (HmbBfDI) came to the conclusion that Vattenfall violated the data protection transparency obligations (Art. 12, 13 GDPR) because the customers were not adequately informed about the data comparison became. A total of around 500,000 people were affected. The HmbBfDI then imposed a fine of 901,388.84 euros on Vattenfall. The unlawfulness found does not relate to the data comparison itself, but is limited to the insufficiently fulfilled transparency obligations. The decision is final. The fine imposed does not affect the further question of whether such a comparison is even permissible. This is not expressly regulated in the GDPR; there are no clear legal requirements in this regard. The HmbBfDI has agreed a procedure with Vattenfall which, in its opinion, takes into account both the data protection rights of customers and the economic interests of the company. Both those interested in concluding a contract with Vattenfall for the first time and existing customers are informed transparently and comprehensibly about the data comparison and its purpose. Consumers can now decide whether they want to conclude a discounted bonus contract that includes an internal review of their status as a new customer or a non-discounted contract without such a comparison. Ulrich Kühn, the incumbent HmbBfDI: “We consider the procedure now practiced to be an appropriate balance of all interests involved. The comparisons made in the past were sanctioned because transparency obligations were violated by the customers disregarding the requirements of Artt. 12, 13 GDPR were left in the dark about the practice of data comparison. Since this affected around 500,000 cases, the imposition of a fine was indicated. Vattenfall cooperated extensively with the HmbBfDI in the process and stopped the non-transparent data comparison immediately after the HmbBfDI took action for the first time. That is why the fine had to be reduced significantly. The amount still imposed should be a warning to all companies not to neglect the statutory transparency obligations. Particularly in the case of a large number of those affected, high fines are clearly indicated, as in the present case. " Press contact MehcS NitraM Phone: +49 40 428 54-4044 Email: ed.grubmah.ztuhcsnetad@esserp