Hotel: Insufficient legal basis for data processing

The Hungarian DPA has imposed a fine of EUR 8,000 on a hotel. The controller had installed video surveillance cameras that covered the dining room and a whirlpool area permanently recording guests. The controller had installed the cameras for the purpose of protecting individuals and property. However, during its investigation, the DPA found that the controller's pursued purposes could not be considered proportionate to the severe interference with the guests' privacy. The DPA also found that the controller had failed to provide sufficient information about the video surveillance.

GDPR Articles: Art. 5 (1) e) GDPR, Art. 6 (1) GDPR, Art. 12 GDPR, Art. 13 GDPR, Art. 31 GDPR
Industry: Accomodation and Hospitality