Ulrike Elteste and Anna Oberschelp de Meneses of Covington and Burling write:
On December 9, 2019, the German Federal Data Protection Supervisory Authority (BfDI) imposed a 9.55 million Euro fine on the telecommunications company 1&1 Telecom GmbH. The BfDI found that the authentication procedures used by 1&1’s customer helpline were insufficient and failed to satisfy the requirements of Art. 32 GDPR. The company announced that it will challenge the order, arguing that the size of the fine is disproportionate.
Read more on Inside Privacy.