When a fine is simply too high – the 1&1 case
Katharina A. Weimer and Johanna Klingen of Fieldfisher Germany analyse a case where the fine was dropped from over €9 million to €900,000.
On 9 December 2019, the German Federal Commissioner for Data Protection and Freedom of Information (Bundesbeauftragte für den Datenschutz und die Informationsfreiheit, BfDI) imposed a fine of €9,550,000 on the telecommunications service provider 1&1 Telecom GmbH (1&1)(1). In the BfDI’s view, 1&1 had not taken sufficient Technical and Organisational Measures (TOMs) to prevent unauthorized persons from obtaining information about customer data from the customer support call center (Customer Support). 1&1 successfully filed a complaint against the notice of intent to fine with the Regional Court of Bonn (Landgericht Bonn, LG Bonn). In its ruling(2), LG Bonn found the fine imposed by the BfDI lawful but considered it to be too high. Subsequently, LG Bonn reduced the fine to €900,000.
International Report subscribers please login to access the full article
If you wish to subscribe, please see our subscription information.