© Tiko – Fotolia.com

Geoscoring – 15,000 euro fine for data protection breach

Data protection commissioner's fine order confirmed. Schufa competitor Bürgel must pay a fine of 15,000 euros for geoscoring.

In a ruling dated March 16, 2017 (case reference: 233 OWi 12/17), the Hamburg District Court confirmed the order issued by the Data Protection Commissioner Johannes Caspar.
Accordingly, Schufa’s competitor Bürgel must pay a fine of 15,000 euros due to a data protection breach.

Determination of creditworthiness via geoscoring

The Hamburg-based company “Bürgel Wirtschaftsinformationen” responded to an online company’s request for creditworthiness by sending it the customer’s score based solely on her residential address.
The Hamburg-based company did not have any information about the customer.
Nevertheless, Bürgel determined her score solely on the basis of her residential address.
According to this geoscoring method, creditworthiness is only derived from the payment history of neighbors.

Legal ban on geoscoring in the BDSG

Since an amendment to the Federal Data Protection Act in April 2010, however, such a procedure has been prohibited.
§ Section 28b BDSG states that a credit rating calculation based solely on address data is not permitted (so-called geoscoring).

§ Section 28b BDSG

“For the purpose of deciding on the establishment, performance or termination of a contractual relationship with the data subject, a probability value for a certain future behavior of the data subject may be collected or used if

[…]

3. address data is not used exclusively for the calculation of the probability value

[…].”

Data protection officer safe – Bürgel used geoscoring to calculate creditworthiness

The Hamburg Data Protection Commissioner Johannes Caspar saw Bürgel’s actions as a clear violation of the legal requirements for determining scoring values when checking creditworthiness.
Bürgel had calculated the customer’s creditworthiness solely on the basis of geoscoring and had not included any personal data in the calculation.

Bürgel does not want to have used geoscoring

The company objected that it had informed the online company that the customer was not known to the company.
Therefore, no personal data was transmitted.
However, this objection did not convince either the data protection officer or the Hamburg District Court (decision of 16.03.2017, ref.: 233 OWi 12/17).
The company had unlawfully linked the personal data with an unlawfully calculated scoring value.
This alone constituted a breach of data protection law.

A look into the future: Higher fines for geoscoring due to the EU data protection regulation that will apply from 2018

Bürgel’s complaint about the geoscoring violation will probably not be very successful.
According to Caspar

The ruling of the local court is consistent and complies with the clear legal requirements, which will continue to apply in the future.
The General Data Protection Regulation will increase the range of fines many times over from May 25, 2018.
It is therefore to be expected that such proceedings will no longer be necessary in future due to the far more effective deterrent.

6331df92336b4a2abb8b17ee1a5d86fb Fine Geoscoring

Contact person

Free newsletter

Matching contributions

Search

Request