A joint research by the NDR and the Süddeutsche Zeitung has shown that both the Schufa (Protection association for general loan security), as well as various credit agencies without consent Cell phone data collect, store, and even use to assess creditworthiness.
Schufa procedure alarms data protection officers: deletion of cell phone data required
Data experts classify the Schufa and Co. approach as “inadmissible”. According to the NDR and SZ, this has been going on since 2018 and should affect every German citizen who has signed a mobile phone contract in the past four years.
In addition, there may also be millions of people who have only paid their bills and ended up in the databases of credit agencies such as Crif Bürgel in this way. Prior consumer consent was not obtained in any of the cases.
Credit check based on secretly collected cell phone data
As the SZ further reports, some credit agencies even included the stored cell phone data in the so-called scores of consumers. These are used to assess a person’s solvency and creditworthiness. In the end, such a score can decide whether contracts are concluded or purchases on account are permitted.
It is not clear which credit bureaus use this practice. Only Infoscore Consumer Data stated that it would not save such cell phone data. Crif Bürgel emphasized that the information would not be used for credit checks.
Data protection conference strengthens consumer rights
In a recent decision, the Data Protection Conference (DSK) declared the behavior of credit agencies to be “inadmissible” and thus increasingly backed the rights of consumers. The reason given by the DSK was that “large amounts of data were collected and processed about normal everyday processes in business life”, but that there was no reason to do so.
Until 2018, it was clearly regulated that credit agencies require consent to collect cell phone data. With the implementation of the GDPR (General Data Protection Regulation), the increased requirements apparently resulted in the process being continued without any clear consent, the SZ reports. One invoked “legitimate interest”.
The decision of the DSK could mean that exactly this had not existed. Then the previous storage by Schufa and Co. should not continue and all cell phone data collected since 2018 would also have to be deleted.
Credit bureaus go to the barricades
The credit bureaus only responded sporadically to official inquiries from NDR and SZ or referred to a joint statement on the subject. It states that credit checks would only be “unnecessarily difficult” without, for example, cell phone data. Especially “financially weaker people” benefited from processing their data, such as migrants, young consumers and senior citizens.
Whether the data will actually be deleted in the end will have to be clarified in the coming months and possibly in court. Until then, these will remain in the databases of Schufa and Co.
Sources: NDR, Süddeutsche Zeitung