The Data Protection Authority penalizes a merchant that creates customer cards through the reading of the electronic identity card.
The Data Protection Authority has sent a strong message by fining a trader as much as €10,000. The merchant only offered electronic identity card (eID) reading as a method of creating customer cards. However, using the data on the eID without the customer’s valid consent was considered disproportionate in relation to the service offered.
The eID contains a wealth of personal information about the owner, including name, address, date of birth and more.
The unauthorized use of this data to create loyalty cards is a serious invasion of customer privacy and in violation of data protection principles.
With this fine, the data protection authority stresses the importance of obtaining valid consent from customers when using their personal data. Simply offering a service is not sufficient justification for accessing sensitive information.
As a merchant, it is essential to be compliant with data protection laws.
Always be sure to obtain proper consent before collecting or using personal information. Protection of customer privacy should always be a priority.
Let this be an important lesson to all merchants: respect customer privacy and act in accordance with applicable laws. Together we can provide a safe and trusted environment where personal information is treated with respect.