HmbBfDI (Hamburg) - Vattenfall Europe Sales GmbH: Difference between revisions
No edit summary |
No edit summary |
||
Line 50: | Line 50: | ||
}} | }} | ||
The Data Protection Authority of Hamburg fined the Vattenfall | The Data Protection Authority of Hamburg fined the energy provider Vattenfall € 901,388 for violating Articles 12 and 13 GDPR by not informing their customers of data reconciliation sufficiently. | ||
== English Summary == | == English Summary == | ||
Line 56: | Line 56: | ||
=== Facts === | === Facts === | ||
For special contracts the Vattenfall Europe Sales GmbH checked "behavior that was conspicuous to change" of about 500,000 customers to avoid the offer for new customer advertising being less profitable. Therefore the Vattenfall Europe Sales GmbH used previous invoices. That took place between august 2018 and decembre 2019. The customers were neither able to recognize the data reconciliation nor were informed by the company in a sufficient way. | For special contracts the Vattenfall Europe Sales GmbH checked "behavior that was conspicuous to change" of about 500,000 customers to avoid the offer for new customer advertising being less profitable. Therefore the Vattenfall Europe Sales GmbH used previous invoices. That took place between august 2018 and decembre 2019. The customers were neither able to recognize the data reconciliation nor were informed by the company in a sufficient way. | ||
=== Holding === | === Holding === | ||
The notice does not deal with the question wether the data reconciliation is permissible but was imposed for not informing the customers about the procedure sufficiently. | The notice does not deal with the question wether the data reconciliation is permissible but was imposed for not informing the customers about the procedure sufficiently. |
Revision as of 08:34, 13 October 2021
HmbBfDI (Hamburg) - Vattenfall Europe Sales GmbH | |
---|---|
Authority: | HmbBfDI (Hamburg) |
Jurisdiction: | Germany |
Relevant Law: | Article 12 GDPR Article 13 GDPR |
Type: | Investigation |
Outcome: | Violation Found |
Started: | |
Decided: | |
Published: | 24.09.2021 |
Fine: | 901389 EUR |
Parties: | n/a |
National Case Number/Name: | Vattenfall Europe Sales GmbH |
European Case Law Identifier: | n/a |
Appeal: | Not appealed |
Original Language(s): | German |
Original Source: | datenschutz-hamburg.de (in DE) |
Initial Contributor: | n/a |
The Data Protection Authority of Hamburg fined the energy provider Vattenfall € 901,388 for violating Articles 12 and 13 GDPR by not informing their customers of data reconciliation sufficiently.
English Summary
Facts
For special contracts the Vattenfall Europe Sales GmbH checked "behavior that was conspicuous to change" of about 500,000 customers to avoid the offer for new customer advertising being less profitable. Therefore the Vattenfall Europe Sales GmbH used previous invoices. That took place between august 2018 and decembre 2019. The customers were neither able to recognize the data reconciliation nor were informed by the company in a sufficient way.
Holding
The notice does not deal with the question wether the data reconciliation is permissible but was imposed for not informing the customers about the procedure sufficiently. The Hamburg Commissioner for Data Protection and Freedom of Information held that the fine was indicated because of the huge number of concerned cases but had to be reduced for the cooperation of the company and for stopping the violating procedure.
Comment
Share your comments here!
Further Resources
Share blogs or news articles here!
English Machine Translation of the Decision
The decision below is a machine translation of the German original. Please refer to the German original for more details.
Fine imposed on Vattenfall Europe Sales GmbH Fine imposed on Vattenfall Europe Sales GmbH 09/24/2021 Between August 2018 and December 2019, Vattenfall Europe Sales GmbH (Vattenfall) routinely checked contract inquiries for special contracts that were associated with special bonus payments to determine whether the customers displayed "behavior that was conspicuous to change". This check was intended to prevent customers from concluding such bonus contracts so regularly that this offer to attract new customers is no longer profitable for the company. To check this, Vattenfall used invoices from previous contractual relationships with these customers, which according to tax and commercial law must be kept for up to ten years anyway. It was not evident to the customers that such a data comparison was taking place. After examining the process, the Hamburg Commissioner for Data Protection and Freedom of Information (HmbBfDI) came to the conclusion that Vattenfall violated the data protection transparency obligations (Art. 12, 13 GDPR) because the customers were not adequately informed about the data comparison became. A total of around 500,000 people were affected. The HmbBfDI then imposed a fine of 901,388.84 euros on Vattenfall. The unlawfulness found does not relate to the data comparison itself, but is limited to the insufficiently fulfilled transparency obligations. The decision is final. The fine imposed does not affect the further question of whether such a comparison is even permissible. This is not expressly regulated in the GDPR; there are no clear legal requirements in this regard. The HmbBfDI has agreed a procedure with Vattenfall which, in its opinion, takes into account both the data protection rights of customers and the economic interests of the company. Both those interested in concluding a contract with Vattenfall for the first time and existing customers are informed transparently and comprehensibly about the data comparison and its purpose. Consumers can now decide whether they want to conclude a discounted bonus contract that includes an internal review of their status as a new customer or a non-discounted contract without such a comparison. Ulrich Kühn, the incumbent HmbBfDI: “We consider the procedure now practiced to be an appropriate balance of all interests involved. The comparisons made in the past were sanctioned because transparency obligations were violated by the customers disregarding the requirements of Artt. 12, 13 GDPR were left in the dark about the practice of data comparison. Since this affected around 500,000 cases, the imposition of a fine was indicated. Vattenfall cooperated extensively with the HmbBfDI in the process and stopped the non-transparent data comparison immediately after the HmbBfDI took action for the first time. That is why the fine had to be reduced significantly. The amount still imposed should be a warning to all companies not to neglect the statutory transparency obligations. Particularly in the case of a large number of those affected, high fines are clearly indicated, as in the present case. " Press contact MehcS NitraM Phone: +49 40 428 54-4044 Email: ed.grubmah.ztuhcsnetad@esserp