IPT Germany

Use of customer data following an asset deal results in huge fines for seller and buyer

By / / Data Protection, IT/Datenschutz

Dr. Thomas Jansen and Dr. Reka Hatala

The Bavarian Data Protection Authority imposed an extraordinarily high fine for violating the data protection laws in the course of a company acquisition.

According to the Authority´s press release dated 30 July 2015, both the seller and buyer in the acquisition were fined a five digit amount each for disclosing customer data during an asset deal.

Email addresses of customers of an online-shop were disclosed to the buyer without consent or even prior notification to the affected customers. Due to the fact that email addresses are personal data, said data transfer violated the legal regulations of the German Data Protection Act.

The Bavarian Data Protection Authority pointed out that the seller as well as the buyer must ensure compliance with all legal regulations with respect to data protection because they both qualify as data controllers.

In addition, transferring customer data without explicit consent may also violate the German Unfair Competition Act if the buyer uses the customer data for marketing purposes.

The inadmissible transfer and disclosure of personal data are administrative offences which – depending on the factual circumstances – can result in fines of up to a maximum of EUR 300,000. The president of the Bavarian Data Protection Authority emphasized that these types of privacy breaches relating to acquisitions will continue to be punished with financial penalties.

Linkedin-in Twitter Facebook-f Instagram Youtube Weixin

© 2019 DLA Piper. DLA Piper is a global law firm operating through various separate and distinct legal entities. For further information about these entities and DLA Piper's structure, please refer to the Legal Notices page. All rights reserved. Attorney advertising.