Carl Brown reports:
A €9.55m fine for a telecommunications service provider for breaching GDPR has been reduced to just €900,000 by a German appeals court.
1&1 Telecom GmbH was handed the original fine last December by the Federal Commissioner for Data Protection and Freedom of Information (BfDI) after it emerged that people calling the company’s customer service hotline could obtain the personal information of others by merely providing a customer’s name and date of birth.
A criminal complaint of stalking was made from a customer, whose former partner asked for her ex-partner’s new phone number via the telecommunications service provider’s call centre, pretending to be his wife. She was only required to give the name and date of birth of the customer to obtain the number, which she then used to harass him.
Read more on PrivSec Report.