The Kingdom Tower
Companies had better not secretly monitor their customers
This week it came out that the car rental company Europcar had to pay a fine of 54,000 euros for violating data protection law. For several years, Europcar had installed GPS systems in premium-class rental cars and was therefore able to determine the location of the car at any time. In addition to the location, the date, time and speeds were also recorded - and all of this without the renter's knowledge.
The case is relevant in terms of data protection law because the data collected made it possible to create a comprehensive movement profile of the car renter. Europcar's motive for the surveillance campaign was clear: it was about securing its own vehicle fleet against theft and against the dangers of use contrary to the terms of the contract. That is certainly understandable from an entrepreneurial point of view. But from the point of view of data protection law, Europcar must be able to demonstrate a so-called legitimate interest, which must also outweigh the interests of the renters if such tracking is to be permitted.
Christoph Rittweger, partner and head of the IT team at Baker & McKenzie
Because the renters were monitored in this way regardless of any specific suspicion, and because this is such a significant interference with personal rights, the renter's consent is typically the only means of making the monitoring lawful.
Car rental companies and lessors of other premium items who want their rental items to be monitored will therefore have no choice but to show transparency: they must inform their customers in advance of the intended monitoring and obtain the renters' consent - or forgo either the monitoring or the rental altogether if the renter refuses to give consent.
British Airways' ideas are stirring up tempers on the island
However, it is not only mistrust of one's own customers that can have pitfalls in terms of data protection law, but also measures that are supposed to improve service and promote customer satisfaction. This is shown, for example, by British Airways' plans to compile data on its passengers in order to get to know them in advance. The airline not only wants to hoard general group-internal data about routes flown or booking modalities, but also personal information such as previous menu choices or previous complaints. The personal dossier, which is to be transmitted to the flight attendants via tablet PC, is to be rounded off with photos of the passengers, obtained by searching Google.
A personal greeting may be flattering for passengers and make them feel like they really are king. But at the latest once sensitive information is researched and used - such as indications of a food intolerance - customers are likely to get a queasy feeling, despite all the advantages of a personalized service. Privacy advocates in the United Kingdom are also up in arms against British Airways' plans.
Companies should keep their hands off secretly collecting and linking publicly available data via Facebook and Google
This uneasy feeling also corresponds to a legal rule: data protection laws in the EU are based on strict purpose limitation and transparency in the collection and use of data. If data that is collected in the context of a business relationship is to be used beyond what is required for entering into, fulfilling or terminating the contractual relationship, this is only permitted within limits.
The same applies to linking such data with data that is publicly accessible on the Internet. Such a use has to be weighed against the personal rights of the customer, even given the service provider's legitimate interest in improving the service. Combining information from various sources into a comprehensive profile - I am thinking of the Facebook option - is unlikely to meet this requirement.
Such measures are also only permitted if the customers first receive transparent information about the specific intended use of the data - and, where necessary, give their consent.
Four years from now, corporate data breach fines may increase to as much as two percent of annual global sales
Service providers should therefore be aware of the requirements of data protection law when using data for their own business purposes and, if in doubt, inform their customers about their plans in advance and, if necessary, obtain customer consent, especially when the use of data moves in the direction of creating profiles. Incidentally, when the new European data protection regulation comes into force - currently expected for 2016 - there is a risk of severe fines in the event of violations: the upper limit can then be as much as two percent of global annual sales.