How the FAZ reports, the data protection commissioner of Baden-Württemberg has filed a complaint against the social network “Knuddels” based on the GDPR a fine in the amount of EUR 20,000 imposed.
Knuddels was a victim of theft of personal data, including passwords and email addresses, and the network had stored the passwords unencrypted for a long time (more than 10 years), which was a breach of data security and thus the GDPR means. The penalty appears in view of the upper limit of the fine of EUR 20 million relatively mild, which FAZ – citing Knuddels’ attorney, Tim Wytibul (now of Latham & Watkins) – attributed to the fact that Knuddels cooperated fully with the authorities and that it was important to the agency to reward cooperative behavior.