The Berlin data protection registrar (Berliner Beauftragter für
Datenschutz und Informationsfreiheit) has completed an investigation into employee monitoring by Deutsche Bahn, the German federal railway company. On 16 October 2009 he imposed a fine on Deutsche Bahn of €1.1 million. The company had fourteen days to appeal the fine, but a press release
from the Berlin regulator dated 23 October 2009 suggests that Deutsche Bahn have accepted the fine.
Amongst other infringements, the company had been found to have monitored hundreds of thousands of employee e-mails and searching their computer hard drives. During 2006 and 2007 all employee external email accounts were monitored. This was a major scandal in Germany when the story first broke, which led the Deutsche Bahn CEO at the time, Hartmut Mehdorn to announce his resignation in March 2009, to be replaced by former Daimler executive Ruediger Grube.
In contrast, if Network Rail and all the train operating companies in the UK were found to have breached the Data Protection Act 1998 in a similar way, the most the Information Commission could do is impose upon them an enforcement notice. Only if this notice were breached could the relevant company be prosecuted and fined a paltry £5,000. Fining powers are included in the Data Protection Act 1998 (ss. 55A-55E), but these have yet to be brought into effect by the Government.