In France, Google is to pay a fine of 50 million euros because the group is in breach of the EU General Data Protection Regulation (GDPR, German: DSGVO). It is the first time that a European authority has fined a global Internet group under the GDPR, even though Google intends to appeal.
In Germany, only a few fines have been imposed so far, but the grace period now seems to have expired in this country. Since the EU data protection regime took effect in May 2018, 41 fines have been imposed, according to the “Handelsblatt”, though not in the millions as in the case of Google.
Stefan Brink, the State Commissioner for Data Protection in Baden-Württemberg, imposed the nation’s first fine in November 2018; it hit the chat platform knuddels.de. Against another company, he imposed the highest fine, of 80,000 euros.
MIRROR: Mr. Brink, is the wave of fines for privacy violations that many companies feared in the spring of 2018 now coming after all?
Brink: The supervisory authorities needed a little lead time, because such procedures cannot be handled in under three to four months. Now fines are being imposed regularly, on a larger scale and in higher amounts. A five-digit fine will no longer be a rarity.
MIRROR: How hard are companies finding the conversion?
Brink: The General Data Protection Regulation is a resounding success. There is no entrepreneur in Germany who has not heard of the new data protection law. The reason for this is the threat of enormous fines. Errors are now expensive. High-turnover companies can, in extreme cases, be fined up to four per cent of their worldwide turnover or up to EUR 20 million. Even before the GDPR took effect in May 2018, about a third of the companies had made the conversion; since that date, a further third has been added.
MIRROR: And the rest?
Brink: Many companies are taking a gamble and hoping to get through that way. It is our responsibility as the supervisory authority to convince the last third that this is not only an incorrect but also a risky assessment.
MIRROR: You have imposed Germany’s first and highest penalty payments. Do you want to bring companies into line with a particularly tough approach?
Brink: We are not out to enforce privacy by means of fines, but first and foremost through advice, for example through conversations, lectures, or informational material. That we imposed two of the more notable fines in 2018 was not our goal. But there are violations that need to be visibly sanctioned.
MIRROR: As in the case of the platform Knuddels.de?
Brink: Knuddels was hacked, which can happen to any company; that alone would not have led to a fine. The problem was that, in the case of Knuddels, users’ passwords were stolen in plain text. Storing passwords in plaintext is a breach; they normally need to be hashed, that is, transformed so that a third party cannot do anything with the data if access succeeds.
MIRROR: At €20,000, the fine was still very mild. Why?
Brink: 20,000 euros are indeed at the lower end of what can be expected under the GDPR. In the case of Knuddels, they noticed the hack and not only warned those affected, but also turned to us very cooperatively and disclosed their errors. The platform has also invested a six-figure sum in improving security, which we took into account in the penalty.
MIRROR: Another company had to pay 80,000 euros. Why?
Brink: The case was more serious, because health data were publicly available. This must not happen. Information about health, illness, and disease is among the most sensitive data we have.
MIRROR: Is there a danger that companies, out of fear of high fines, will not report data leaks?
Brink: The reports are not voluntary; the GDPR obliges you to make them the moment you are hacked. If data breaches come to our attention, the company faces not only a fine for an error in the area of data security. It is also threatened with a considerable penalty if it has not helped to limit the damage.
MIRROR: How do you track down privacy violations if companies do not report them?
Brink: We search on the Internet or carry out on-site inspections. But there are also many people who get in touch and make us aware of problems. Employees complain about their employers. But it can also be customers, business partners, or even competitors who report a company.
MIRROR: Have complaints now increased sharply?
Brink: It has become much more work. Complaints went up from 2500 to 5000 in the past year. This of course has consequences for the processing time of cases.
MIRROR: Are the country’s data protection officers too overwhelmed to punish GDPR violations?
Brink: We have to manage it. In Germany, we as supervisory authorities are relatively well equipped. Other offices in Europe, but also in Germany, have major difficulties. In Baden-Württemberg, with a staff of 60 one of Germany’s largest supervisory authorities, we have even created a fines office with a staff of two. There are, however, smaller authorities with 10 to 20 employees. There it is difficult to cover the whole range.
MIRROR: Google has announced its opposition to the 50-million fine in France. Are German companies fighting back against fines?
Brink: Knuddels was a positive case, because it was resolved by mutual agreement. But companies have the right to appeal, so that we must argue before the court. This is a huge amount of work. In the future, no punches will be pulled, and courts will have to learn to deal with unusually high fines. Privacy violations are not trivial offences that incur 120-euro penalties. It is about five- or six-digit amounts and, in the near future, also fines in the millions.