Details:
| Summary | The Dutch DPA (AP) has fined the municipality of Enschede EUR 600,000. In 2017, the municipality decided to install special measurement boxes to measure crowds in the city center of Enschede. Sensors in the measurement boxes detected the wifi signals from the cell phones of passers-by and registered them with a code. Based on the registered codes, it was possible to calculate how busy the city center was. However, this also made it possible to track which measurement box a particular cell phone passed by, making it possible to track the movement of passers-by. The municipality states that it was never its intention to track passers-by. However, the DPA finds that the wifi tracking (even if it was unintentional) constitutes a serious breach of the GDPR. The DPA concludes that the municipality tracked its passers-by without an effective legal basis and thus violated Art. 5 (1) a) GDPR and Art. 6 (1) GDPR. |
| Link: | link |
| Related articles: | Art. 5 (1) a) GDPR, Art. 6 (1) GDPR |
| Type: | Insufficient legal basis for data processing |
| Fine: | EUR 600,000 |
| Sector | Public Sector and Education |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/