Commissioner Imposes Fine for Third-Party Sharing
PRIVACY LAW—GERMANYSeptember 13, 2011
The data protection commissioner of the German federal state North Rhine-Westphalia (DPA) has imposed a €60,000 fine on an electronic payment service provider, reports Hunton & Williams' Privacy and Information Security Law Blog. Easycash GmbH unlawfully transferred bank account information in approximately 400,000 instances to an affiliated company to analyze the data for customer loyalty and bonus programs, the report states. The data included location, time and amount of bank account transactions. The DPA stated that companies "offering payment transaction services to merchants as trustees must exercise special care regarding such data" and should not share it with third parties for profiling purposes.