German operators sued for GDPR breach

North Rhine-Westphalia’s regional consumer advice bureau Verbraucherzentrale NRW is taking action against German operator trio Telekom Deutschland, Telefónica (O2), and Vodafone, amid allegations of data privacy breaches.

The operators are accused of passing on customer data to credit agencies, violating the European Union’s GDPR legislation.

The allegations refer to so-called ‘positive’ data, which includes information such as contract dates but does not include sensitive personal data points. Wolfgang Schuldzinski, head of Verbraucherzentrale NRW, admitted it “may seem harmless at first glance, but any information about consumers can be used by companies to make tangible decisions”.

He said positive data can help a credit agency determine how often a person has switched contracts. Consumers who switch regularly may be deemed unreliable, for example.

“ The protection of consumers from excessive processing of their personal data outweighs the companies’ economic interests. ” said Schuldzinski.

Verbraucherzentrale NRW said it attempted to warn the operators about the issue, but is now suing in the district courts. O2 is being taken to court in Munich, Telekom in Cologne, and Vodafone in Düsseldorf, where the operators are respectively headquartered. TelcoTitan