No-one can accuse recent EU accession state Bulgaria of not taking data protection seriously. At the tail end of last year Datonomy picked up a story concerning the reckless personal data disposal policy of one of Bulgaria’s banks. Now the Sofia Echo reports that electricity distribution company CEZ has been fined 100,000 leva (a little more than 50,000 euro) by the Commission for Personal Data Protection for continued breach of privacy protection regulations.
In 2008 CEZ was told to stop demanding “proof-of-right-of-use” documentation from new customers (documents that would prove a right to use premises might be a rental contract or an ownership deed). According to the CPDP this practice creates a duplicate of the archive of notary deeds at the registration agency, for no good reason: all CEZ needs to know is who will pay the bill. Who has what rights over which property is none of their business. Having fined CEZ, the CPDP is apparently now setting its sights on superfluous data collections reaped by other state monopolists.