Customers’ personal data leaked online by supermarket chain

BEUC NEWS - 12.03.2015

The General Personal Data Protection Regulation currently in negotiations will have major implications for the definition, collection and processing of personal data - particularly between businesses and consumers - yet many consumers often have trouble linking EU regulation and its importance to their daily lives.  

One such unfortunate example of its importance and the need to better protect the personal data of European consumers – particularly online – arose last week. On Friday March 6th, the popular online shopping service ‘Caddy Home’ run by one of the largest supermarket chains in Belgium, the Delhaize company, was discovered to have left many of its clients’ online data unprotected. This data was openly viewable by the public.

The personal details including name, email address and contact numbers of many Delhaize customers with Caddy Home accounts was openly available online and easily findable by search engine.

Our Belgian member organisation Test-Achats contacted the Delhaize Group to alert them as to this inappropriate disclosure  of consumer data.

www.caddyhome.be was subsequently taken offline and Test Achats were told it would not resurface until all affected customers had been personally contacted and that the service was “100% safe”.

Test-Achats issued a press statement and the story was covered in Belgian media such as daily newspaper ‘Le Soir’.

The story clearly embodies the need for robust personal data rights which are easily enforceable, particularly in the online world which plays an increasing role in Europeans’ lives.

Here you can read BEUC’s Key Messages on the EU’s data protection regulation proposal here.

At the time of writing www.caddyhome.be remained offline.