Regulatory actions, fines, warnings, and enforcement decisions
โฌ16,600 fine - Data Protection Authority of Niedersachsen
The DPA of Niedersachsen has imposed a fine of EUR 16,600 on a company in the real estate industry for failing to conclude a joint controllership agreement. In addition, the controller had collected personal data without a legal basis and had not complied with a deletion request in good time.
โฌ900,000 fine - Data Protection Authority of Niedersachsen
The DPA of Lower Saxony has imposed a fine of EUR 900,000 on Hannoversche Volksbank. The bank had analyzed data from active and former customers without their consent. For this purpose, the bank analyzed digital usage behavior and evaluated, among other things, purchases in app stores, the frequency of use of bank statement printers and the total number of transfers in online banking compared to the use of in-branch services. In addition, the results were cross-checked with a credit agency, wher
โฌ1,100,000 fine - Data Protection Authority of Niedersachsen
The DPA of Lower Saxony has imposed a fine of EUR 1. 1 million on Volkswagen. The company had installed cameras on a test vehicle. The vehicle was being used to test and train the functionality of a driving assistance system to prevent traffic accidents. For this purpose, the traffic around the vehicle was recorded with the cameras. However, Volkswagen failed to provide information in accordance with Art. 13 GDPR about the data processing by the cameras attached to the vehicle. The DPA further f
โฌ50,000 fine - Data Protection Authority of Niedersachsen
The DPA of Niedersachsen has imposed a fine of EUR 50,000 on a company. The company sent out a newsletter by e-mail that could not be unsubscribed from due to technical malfunctions. Since the company had sent newsletters relatively frequently, this led to a significant number of unsolicited emails for some data subjects. Furthermore, the data subjects were also unable to lodge an objection via the company's website. In addition, the DPA found that the company did not sufficiently process some r
โฌ500 fine - Data Protection Authority of Niedersachsen
The DPA of Niedersachsen imposed a fine of EUR 5,00 on a private individual. The individual had taken pictures of numerous young women in public. In the course of its investigation, the DPA found that the individual had processed the personal data of the young women, although no effective consent had been given.
โฌ8,900 fine - Data Protection Authority of Niedersachsen
The DPA of Niedersachsen imposed a fine of EUR 8,900 on a company. The company had a customer database on the Internet with thousands of entries. During its investigation, the DPA found that the only access protection the company had implemented was a long-form web address but not additional measures such as password-protected access. The controller relied on the fact that the web would not become known.
โฌ10,400,000 fine - Data Protection Authority of Niedersachsen
The DPA of Lower Saxony (LfD Niedersachsen) imposed a fine of EUR 10,4 million on the electronics retailer notebooksbilliger.de.The company had video-monitored its employees for at least two years without having a legal basis for doing so. Among others, the cameras covered workplaces, sales areas, warehouses and recreation areas. The company stated that the purpose of the installed video cameras was to prevent and investigate criminal acts and to track the movement of goods in the warehouses. Ho
Data Protection Authority of Niedersachsen
A company had stored telecommunications hardware, a server and backup technology in a guest bathroom. The server cabinet, which did not have an intact lock, also served as a changing table.
Data Protection Authority of Niedersachsen
Live video surveillance which was accessible via the Internet and, due to a lack of sufficient pixelation or redaction, allowed persons to be recognized.
Data Protection Authority of Niedersachsen
The camera images of a store were distributed without the knowledge and intention of the controller due to a faulty configuration. The distribution involved recordings of employees as well as customers.
โฌ16,000 fine - Data Protection Authority of Niedersachsen
The DPA from Lower Saxony has imposed a fine of EUR 16,000 on an electronics store. The company had installed a video surveillance system which permanently recorded employees, customers as well as the company's premises and technical equipment. The CCTV was installed for the purpose of protecting customers, employees, safeguarding the company's property rights and prosecuting criminal acts and vandalism. The DPA stated that the recording of employees was not necessary to ensure the purposes asso
โฌ65,000 fine - Data Protection Authority of Niedersachsen
The DPA of Lower Saxony has imposed a fine of EUR 65,000 on a company. The reason for the proceedings was a report by the company to the authority regarding a data breach pursuant to Art. 33 GDPR. As a result, the DPA conducted an audit of the company's web presence. In the process, the DPA discovered that an outdated web store application was used on the site, which was no longer provided with security updates. The developer had explicitly warned against further use of this version, as it conta
โฌ294,000 fine - Data Protection Authority of Niedersachsen
A company was fined EUR 294 000 for 'unnecessarily long' storage and retention of personnel files and for 'excessive' data collection in the personnel selection process, during which also health data were requested.
Data Protection Authority of Niedersachsen
Nine fines between EUR 350 and EUR 1,000 for unlawful use of a dashcam.