The Federal Commissioner for Data Protection and Freedom of Information (BfDI), Ulrich Kelber (SPD), has imposed a fine of 9.55 million euros on the company 1 & 1 Telecom. The telecommunications service provider had taken no adequate measures to prevent unauthorized access to customer data in the telephone customer service, said the BfDI. According to the federal authority, 1 & 1 thereby violated the European General Data Protection Regulation (DSGVO).
Callers would have been able to obtain "extensive information on additional personal customer data" from the customer's customer care just by providing the name and date of birth of a customer, they said. 1 & 1 have now introduced an improved authentication process. A fine was, however, required because the infringement represented a "risk to the entire customer base".
Data protection is fundamental rights protection, said Kelber. The fine was "a clear sign that we will enforce this protection of fundamental rights". He pointed out that the fine could have been higher, but the company had shown itself to be reasonable.
1 & 1 announced to sue against the decision. "The fine is absolutely disproportionate," said the telecommunications service. The case had already occurred in 2018 and the company had complied with the usual security precautions at that time. The security of customer data is "top priority".