The German state of Bavaria’s local privacy regulator (BayLDA) recently fined two online retailers for unlawfully transferring customer email addresses as part of separate sales of each companies’ assets.

The German state of Bavaria’s local privacy regulator (BayLDA) recently fined two online retailers for unlawfully transferring customer email addresses as part of separate sales of each companies’ assets. According to the regulator, transferring such information requires prior customer consent or, in the alternative, informing customers of the intent to carry out such a transaction beforehand to provide them the opportunity to object. Because the online retailers failed to take such steps, BayLDA alleged violations of Germany’s data protection law when the acquiring company used the customer information for advertising purposes. While the total amounts of the fines remain undisclosed, BayLDA confirmed they were both in the five figures and emphasized the penalties were “considerable and incontestable.”

TIP: In asset deals involving a transfer of customer data, careful review of the target company’s privacy policy and other disclosures made to consumers is necessary to avoid potential misrepresentations and for compliance with local data protection laws.