Skip to content
PoliticsGeneral-newsHealthTechnology

European Legislative Bodies Approve Resolution Regarding the Role of European Data Protection Overseer

Unlawful Intrusions into Privacy Criticized: NRW Data Protection Report Condemns Federal Constitution Protection, Yet Also Targets Vonovia and WeatherOnline.

 and  Administrator
3 min read
Unapproved Breaches of Privacy: Dataspecter's NW Data Protection Report Castigates...
Unapproved Breaches of Privacy: Dataspecter's NW Data Protection Report Castigates Verfassungsschutz, Yet Also Targets Vonovia and Weather Online.

European Legislative Bodies Approve Resolution Regarding the Role of European Data Protection Overseer

10.06.2025, 5:13 PM - Data Privacy Blues: NRW Commissioner Slams Constitutional Protection Law, Vonovia, and WetterOnline

By: Mike Dude

It looks like data privacy concerns are on the rise in North Rhine-Westphalia (NRW). This was evident in the latest annual report from the State Commissioner for Data Protection and Freedom of Information (LDI), Bettina Gayk, released on Tuesday. Never before has the authority received as many complaints as in 2024.

The new report revealed a staggering 12,490 complaints, an all-time high since the introduction of the General Data Protection Regulation (GDPR) in 2018. The number of inquiries and notifications has tripled since 2018.

For instance, tenants in Vonovia apartments complained about smart smoke detectors installed in their homes which also recorded room climate data. LDI Commissioner Gayk wasn’t pleased, saying "that's not right!"

Report Highlights Data Abuse Across Multiple Industries

The 216-page report provides numerous examples of how businesses are illegally selling or using customers’ personal data without permission.

  • 30th Annual Report: LDI NRW

A case in point, eleven insurance companies in NRW illegally exchanged sensitive health information of their policyholders, a flagrant violation of data protection laws, the report notes. The LDI NRW uncovered this infringement and put a stop to it.

Another example involves the secret use of AI in NRW call centers. The AI software was used to identify callers' emotions based on their voice pitch and tone, an action deemed a "clear violation of data protection rights" by the LDI.

WetterOnline Busted for Illegally Selling User Data

The authority also caught NRW-based company WetterOnline in the act of illegally selling users' precise location data without their consent. When asked by the state authority, the company initially denied the practice but on-site inspections confirmed that WetterOnline was selling location data. The LDI is checking if a fine will be imposed.

  • Vodafone Fined 45 Million Euros for Data Breach | More
  • Illegal Data Query: When Police Obtain Photos of Women | More

Criticism for Constitutional Protection Law

Gayk criticized a proposal made by NRW Interior Minister Reul (CDU), which aims to grant the constitution protection agency access to private video surveillance systems. Gayk expressed concern that millions of people are already being recorded daily by private video surveillance in public transport or at gas stations. She believes that the NRW law needs to be more clearly defined. The goal of her authority is to ensure that data protection remains more than just a buzzword.

Lack of Clarity on Job Disclosure Obligations at Major Events

The LDI also pointed out the ambiguous legal situation in NRW regarding security screening of employees at major events. These events range from sausage vendors at football stadiums to volunteers at music festivals. While other federal states have clarified what self-disclosures applicants must make, NRW has not. According to Gayk, it is important to clearly define what a major event is. Minister Herbert Reul (CDU) has yet to provide a response to her concerns.

Another issue her office brought up with the Interior Ministry - without response so far - concerns the police communicating internally via WhatsApp.

Disagreement with the Federal Government on Data Protection Supervision Centralization

The LDI also criticized the Federal Government’s plan to consolidate data protection supervision for companies under the Federal Data Protection Officer. Gayk believes that centralization would provide little benefit and could end up depriving companies of easy access to tailored advice, as individual cases are currently handled on a case-by-case basis.

LDI: Not "Like a Sledgehammer in the Woods"

According to Gayk, no two companies are the same. The LDI currently provides individualized advice and handles each case with care, a policy that could be at risk in the event of a centralized authority. Gayk hopes the NRW state government will ensure data protection remains a priority.

Sources

  • 30th Annual Report: LDI NRW
  • Press Conference of NRW Data Protection Commissioner, Bettina Gayk, on 10.06.2025
  • Subscribe to our newsletter for politics in NRW here | More
  1. The 30th Annual Report: LDI NRW highlights instances of data abuse across various industries, including eleven insurance companies in NRW illegally exchanging sensitive health information, a clear violation of data protection laws.
  2. In addition, the report reveals that WetterOnline, an NRW-based company, was caught illegally selling users' precise location data without their consent, sparking concerns about data privacy in the general news.

Read also:

    Related

    Latest