Bonn/Berlin, 11 November 2020
Press release 28/220
The BfDI on the judgment in the proceedings against 1&1
The Federal Commissioner for Data Protection and Freedom of Information (BfDI), Professor Ulrich Kelber, sees his own view substantiated by the decision of the Bonn Regional Court:
The Bonn Regional Court has today ruled that 1&1 is liable for its infringement. This shows: Data protection violations are not without consequences.
For the BfDI, this is the first major court proceedings since the entry into force of the GDPR. Important and fundamental questions were clarified. The Court accepted the BfDI’s view on essential points: The 1&1 Telecom GmbH committed an infringement of data protection due to insufficient security measures in the call centre. As a company, it must be liable according to the standards of the GDPR:
I am convinced that this decision will be noticed in the executive floors of companies. I am still waiting for the written reasons for the judgment, but it is clear right now: No company can afford to neglect data protection anymore.
The BfDI had fined the telecommunications service provider 1&1 Telecom GmbH in December 2019. Due to an insufficient authentication procedure at the telephone customer support of the 1&1 Telecom GmbH, simply by indicating the name and date of birth of a customer, callers could receive far-reaching information about further personal data of this person. The BfDI considered this a violation of the GDPR.