The Federal Data Protection Commissioner and Freedom of Information (BfDI), the Professor Ulrich Kelber, of the district court of Bonn see as confirmed the decision: the LG Bonn has established today that 1&1 is responsible for its breach. This reveals that data protection breaches are not free from consequences.
For the BfDI, it is the first great judicial proceeding since the GDPR has entered in force. The Court has followed the BfDI opinion on the essential points: 1&1 Telecom GmbH has committed a data protection breach caused by the inadequate security measures into the call center.
Like a company, it should be responsible according to the GDPR standards: I believe that this decision will be taken into account by the companies administration councils. I will wait the written justification, but it is all clear: no company can neglect personal data protection.
The BfDI has sanctioned the telecommunication services provider 1&1 Telecom GmbH in December 2019. Caused by an inadequate authentication procedure in the client phone service of 1&1 Telecom GmbH, the callers could receive wide information on additional personal data of this person by simply saying the name and the date of birth of a client. The BfDI has seen this like a General Data Protection Regulation breach.