Austrian Post faces a scandal with storage of personal data of millions of customers without their consent, reported Die Presse. The data protection authority found the national post operator guilty of a violation of the GDPR rules implemented in May 2018 and imposed a penalty of € 18m on the Post. The Post will appeal against the decision.
Austrian Post operates also in a huge segment of direct marketing. For this purposes it stored various data about its customers, not only names and addresses. A stored user profile would include such information as e. g. age, affinity to vote for a political party, invest or buy bio products. The Post administers about 3 million data records and profiles, including 2.2 million profiles with an information on a political party affinity.
The data protection authority stated that the Post infringed GDPR rules by processing of the data on political affinity of people. In addition, a breach of law was found in processing of the data on parcel frequency and the frequency of relocations for the purposes of direct marketing. This is not covered by the GDPR.
In favor of the Post, in contrast, speaks the statement of the data protection authority saying that the Post as a direct marketing company may collect and process certain categories of data without consent of the data entity.
Photo Copyright: Adobe Stock | Pissanu