Voys is suing fine for not sharing customer data

voys is suing fine for not sharing customer data
voys is suing fine for not sharing customer data

Should telecom providers also share customer data by order of the government if the privacy of that data cannot be guaranteed? That is a question that telecom provider Voys wants to see answered in the lawsuit they filed against the Telecom Agency (AT). In it, the provider disputes the fine of 5000 euros imposed by the AT for not sharing customer data with the Central Information Center for Telecommunication Research (CIOT).

Is it mandatory to share customer data and in violation of the law?

Responding to a request to share customer data with the CIOT is an obligation that telecom providers must comply with according to telecom laws and regulations. Voys argues, however, that sharing that data is in violation of provisions of the Telecommunications Act.

This states that data may only be shared with third parties if it is certain “that only authorized personnel have access to the personal data for legally permitted purposes”. That is literally stated in that law. And then there is also the GDPR, which does not allow data to be handled, stored or shared insecurely. Because the CIOT does not do any logging, it is not possible to find out which user has requested which data. Partly because of this, the security of customer data cannot be guaranteed. The introduction of a so-called audit trail at the CIOT has been postponed indefinitely. In the Police Data Act (the WPG) it states under Article 32a (logging): “Comes into effect at a time to be determined”.

because the ciot does not keep track of who can view which customer data, voys refuses to share data from its customers.
because the ciot does not keep track of who can view which customer data, voys refuses to share data from its customers.

Chain responsibility abolished

For the CIOT, the telecom provider is responsible for the GDPR-compliant data sharing. Voys has a different view, as they have no influence on how shared data is handled at the CIOT. Incidentally, this has been inquiring about for some time, according to a report by Bits of Freedom.

Moreover, chain responsibility for the security of customer data has now been removed. “That weakened security and gave CIOT administrators more options to behave like just the administrators of a phone book, which was also reflected in court,” said Voys owner Mark Vletter.

That is why Voys now wants to clarify this matter through a court order. The judge will make a decision in six weeks.