43 years after it was founded, the Berlin data protection authority reported a record on Tuesday that its acting head, Volker Brozio, would have preferred not to have. 5671 submissions from those affected reached him and his employees in 2021 alone.
A historic high and an increase of around 800 cases compared to 2020. In addition, there were 1,163 data breaches that companies and authorities reported to data protection officers. These imposed 61 fines of around 133,000 euros.
Digital policy, regulation, artificial intelligence: the briefing on digitization
Corona was responsible for the fact that the authority, which has been managed by Brozio on an interim basis since Maja Smoltczyk’s departure, had to process more cases than ever before. On the one hand, the pandemic made the actual work of the authority, which is advising companies and authorities, extremely difficult. On the other hand, it always provided new grounds for complaints.
Most of them related to the country’s vaccination management and to the Luca app, which is now used for contact tracing. The company “DoctoLib”, commissioned by the Senate to book and organize vaccination appointments, was a particular focus.
It is true that there was no alternative to concluding a contract with DoctoLib for those wishing to be vaccinated when booking an appointment. However, the information from the data protection officer on the data protection-compliant integration of the company was “ignored” by the health administration, as Brozio assured the Tagesspiegel.
“The health administration should have given the service provider clear guidelines as to the purpose for which the data may be collected and when it must be deleted. We are continuing to persevere and the Senate administration is asked to take a stance on this, ”explained Brozio.
In addition, there were complaints against data processing by corona test centers and against the documentation of attendance in restaurants, among other places, which led to data misuse. The Luca app, bought for 1.2 million euros and sold again as quickly as possible, also caused massive trouble with data protection officers.
Another problem from the point of view of the authority: illegal data transmissions by the Berlin police. In a case covered in five pages of the report, the police had sent files to a court without redacting them, which gave a lawyer access to the data of those who reported counter-demonstrations as part of an inspection of the files.
“Regularly” there were cases in which police officers misused their access to police databases to request unauthorized data. Fifteen procedures were initiated and eleven fines issued in 2021 alone. The problem has been known for years and is still unresolved. Given the “extreme” increase in numbers, Brozio demanded, “There needs to be an improved logging process.”