In 2022, the Berlin data protection authority issued 269 warnings, seven warnings and four orders to private and public bodies. This emerges from the current activity report of the independent institution, which the new data protection officer of the capital, Meike Kamp, presented on Monday. The sum of fines imposed in 2022 thus totaled 716,575 euros – downright modest compared to the record fine of 1.2 billion euros recently imposed on Meta in Ireland on the basis of the General Data Protection Regulation (GDPR).
The highest fine in Berlin in 2022, at 525,000 euros, hit an online retailer after a previous warning, to which Kamp alleges a conflict of interest with the company data protection officer. According to the report, the company, about which the authority cannot yet provide any information for legal reasons, used an internal controller who was also the managing director of two service companies. These acted as processors for the “subsidiary of an e-commerce group” with sales in the hundreds of millions. According to Kamp, the task should not be performed by people “who would monitor themselves as a result”. The company concerned has appealed against the decision.
Unauthorized inquiries at job centers and the police
Kamp also issued fines against a credit agency that had stored 13 incorrect dates of birth for a complainant. Further fines were directed against corona test centers and unauthorized database queries by employees of job centers and police officers. Overall, the authority initiated 18 proceedings against law enforcement officers last year. It sanctioned several cases in which police officers used information obtained on the job, for example from a burglary victim, for private purposes. Kamp’s predecessor Maja Smoltczyk had previously repeatedly complained to the police about violations of the Poliks IT system.
The State Office for Immigration (LEA) announced to the inspector that it would initially refrain from searching cell phones, for example those of asylum seekers. The readout with special software should be “set promptly”, it says. The high effort involved in viewing the data obtained is not in proportion to the success of the measures. On the 120 pages, Kamp also criticizes various data breaches in apps and web services and the sending of messages by doctor’s offices to the “wrong people”. In 2022, private individuals contacted the supervisory authority with a complaint or a request for advice in a total of 4,445 cases. In the previous year, there were still 5671 entries during the peak of the fight against the pandemic. The number of reported data breaches also fell slightly to 1068 incidents. This was often due to attacks with malware or vulnerabilities.
To home page