HmbBfDI (Hamburg) - Vattenfall Europe Sales GmbH: Difference between revisions

From GDPRhub
No edit summary
No edit summary
Line 50: Line 50:
}}
}}


The Data Protection Authority of Hamburg fined the Vattenfall Europe Sales GmbH € 901,388.84 for violating the Articles 12, 13 GDPR by not informing their customers of data reconciliation sufficiently.
The Data Protection Authority of Hamburg fined the energy provider Vattenfall € 901,388 for violating Articles 12 and 13 GDPR by not informing their customers of data reconciliation sufficiently.


== English Summary ==
== English Summary ==
Line 56: Line 56:
=== Facts ===
=== Facts ===
For special contracts the Vattenfall Europe Sales GmbH checked "behavior that was conspicuous to change" of about 500,000 customers to avoid the offer for new customer advertising being less profitable. Therefore the Vattenfall Europe Sales GmbH used previous invoices. That took place between august 2018 and decembre 2019. The customers were neither able to recognize the data reconciliation nor were informed by the company in a sufficient way.
For special contracts the Vattenfall Europe Sales GmbH checked "behavior that was conspicuous to change" of about 500,000 customers to avoid the offer for new customer advertising being less profitable. Therefore the Vattenfall Europe Sales GmbH used previous invoices. That took place between august 2018 and decembre 2019. The customers were neither able to recognize the data reconciliation nor were informed by the company in a sufficient way.
=== Holding ===
=== Holding ===
The notice does not deal with the question wether the data reconciliation is permissible but was imposed for not informing the customers about the procedure sufficiently.
The notice does not deal with the question wether the data reconciliation is permissible but was imposed for not informing the customers about the procedure sufficiently.

Revision as of 08:34, 13 October 2021

HmbBfDI (Hamburg) - Vattenfall Europe Sales GmbH
LogoDE-HH.png
Authority: HmbBfDI (Hamburg)
Jurisdiction: Germany
Relevant Law: Article 12 GDPR
Article 13 GDPR
Type: Investigation
Outcome: Violation Found
Started:
Decided:
Published: 24.09.2021
Fine: 901389 EUR
Parties: n/a
National Case Number/Name: Vattenfall Europe Sales GmbH
European Case Law Identifier: n/a
Appeal: Not appealed
Original Language(s): German
Original Source: datenschutz-hamburg.de (in DE)
Initial Contributor: n/a

The Data Protection Authority of Hamburg fined the energy provider Vattenfall € 901,388 for violating Articles 12 and 13 GDPR by not informing their customers of data reconciliation sufficiently.

English Summary

Facts

For special contracts the Vattenfall Europe Sales GmbH checked "behavior that was conspicuous to change" of about 500,000 customers to avoid the offer for new customer advertising being less profitable. Therefore the Vattenfall Europe Sales GmbH used previous invoices. That took place between august 2018 and decembre 2019. The customers were neither able to recognize the data reconciliation nor were informed by the company in a sufficient way.

Holding

The notice does not deal with the question wether the data reconciliation is permissible but was imposed for not informing the customers about the procedure sufficiently. The Hamburg Commissioner for Data Protection and Freedom of Information held that the fine was indicated because of the huge number of concerned cases but had to be reduced for the cooperation of the company and for stopping the violating procedure.

Comment

Share your comments here!

Further Resources

Share blogs or news articles here!

English Machine Translation of the Decision

The decision below is a machine translation of the German original. Please refer to the German original for more details.



Fine imposed on Vattenfall Europe Sales GmbH

Fine imposed on Vattenfall Europe Sales GmbH



09/24/2021






Between August 2018 and December 2019, Vattenfall Europe Sales GmbH (Vattenfall) routinely checked contract inquiries for special contracts that were associated with special bonus payments to determine whether the customers displayed "behavior that was conspicuous to change". This check was intended to prevent customers from concluding such bonus contracts so regularly that this offer to attract new customers is no longer profitable for the company. To check this, Vattenfall used invoices from previous contractual relationships with these customers, which according to tax and commercial law must be kept for up to ten years anyway. It was not evident to the customers that such a data comparison was taking place.
After examining the process, the Hamburg Commissioner for Data Protection and Freedom of Information (HmbBfDI) came to the conclusion that Vattenfall violated the data protection transparency obligations (Art. 12, 13 GDPR) because the customers were not adequately informed about the data comparison became. A total of around 500,000 people were affected. The HmbBfDI then imposed a fine of 901,388.84 euros on Vattenfall. The unlawfulness found does not relate to the data comparison itself, but is limited to the insufficiently fulfilled transparency obligations. The decision is final.
The fine imposed does not affect the further question of whether such a comparison is even permissible. This is not expressly regulated in the GDPR; there are no clear legal requirements in this regard. The HmbBfDI has agreed a procedure with Vattenfall which, in its opinion, takes into account both the data protection rights of customers and the economic interests of the company. Both those interested in concluding a contract with Vattenfall for the first time and existing customers are informed transparently and comprehensibly about the data comparison and its purpose. Consumers can now decide whether they want to conclude a discounted bonus contract that includes an internal review of their status as a new customer or a non-discounted contract without such a comparison.
Ulrich Kühn, the incumbent HmbBfDI: “We consider the procedure now practiced to be an appropriate balance of all interests involved. The comparisons made in the past were sanctioned because transparency obligations were violated by the customers disregarding the requirements of Artt. 12, 13 GDPR were left in the dark about the practice of data comparison. Since this affected around 500,000 cases, the imposition of a fine was indicated. Vattenfall cooperated extensively with the HmbBfDI in the process and stopped the non-transparent data comparison immediately after the HmbBfDI took action for the first time. That is why the fine had to be reduced significantly. The amount still imposed should be a warning to all companies not to neglect the statutory transparency obligations. Particularly in the case of a large number of those affected, high fines are clearly indicated, as in the present case. "
Press contact
MehcS NitraM


Phone:
+49 40 428 54-4044
Email: ed.grubmah.ztuhcsnetad@esserp