• Telekom, Telefónica, and Vodafone face legal action over data privacy accusations.
  • Operators allegedly handed non-sensitive customer data to credit agencies.

German operators sued for GDPR breach

German operators sued for GDPR breach

Source: Verbraucherzentrale NRW

North Rhine-Westphalia’s regional consumer advice bureau Verbraucherzentrale NRW is taking action against German operator trio Telekom Deutschland, Telefónica (O2), and Vodafone, amid allegations of data privacy breaches.

The operators are accused of passing on customer data to credit agencies, violating the European Union’s GDPR legislation.

The allegations refer to so-called ‘positive’ data, which includes information such as contract dates but does not include sensitive personal data points. Wolfgang Schuldzinski, head of Verbraucherzentrale NRW, admitted it “may seem harmless at first glance, but any information about consumers can be used by companies to make tangible decisions”.

He said positive data can help a credit agency determine how often a person has switched contracts. Consumers who switch regularly may be deemed unreliable, for example.

“ The protection of consumers from excessive processing of their personal data outweighs the companies’ economic interests. ”


Verbraucherzentrale NRW said it attempted to warn the operators about the issue, but is now suing in the district courts. O2 is being taken to court in Munich, Telekom in Cologne, and Vodafone in Düsseldorf, where the operators are respectively headquartered.

It is not the first time the operators’ data privacy policy has been scrutinised. Vodafone Group paid a cumulative €2m (£1.7m) in fines for data privacy issues in the year to 31 March 2022 (FY21–22), up from €20m in FY20–21. Primarily, the fines were related to a telesales issue involving Vodafone Spain.