1. Inhalt
  2. Navigation
  3. Weitere Inhalte
  4. Metanavigation
  5. Suche
  6. Choose from 30 Languages

Business

Transaction broker is alleged to have violated consumers' privacy

Allegations have surfaced over widespread privacy violations at the cash registers of German grocery stores. One transaction broker is said to use a database of 50 million bank accounts to make decisions about credit.

A woman holds up an EC card

Extensive data is gathered about customers' electronic transactions

Millions of shoppers work their way through Germany's supermarket checkout lines daily. And many choose to pay with electronic cash cards for the sake of convenience. Unbeknownst to them, however, doing so may lead to credit checks and data gathering.

Easycash, the German market leader in processing electronic cash transactions, actively uses a database of up to 50 million bank accounts to make decisions about individual consumers' creditworthiness, the Frankfurter Rundschau reported Thursday.

Other companies like Telecash and Intercash offer similar services to retailers.

When consumers pay for groceries with electronic cash, they're given a receipt to sign if their credit rating is satisfactory. Otherwise, they're asked to enter their PIN (personal identification number) code.

While that may not matter much to a harried shopper in a hurry to go home to make dinner, it does to retailers. A transaction based on a signature is less expensive for them, but leaves them stuck with the responsibility if funds are insufficient. A transaction made with a PIN code is more expensive but guarantees they'll get their money.

A grocery store checkout

Grocery stores use credit scores to choose between PIN and signature transactions

Making an informed decision about which processing method to use can save money for retailers. Although Easycash stores the time, date, location and amount of a transaction in conjunction with card and bank account information, the company denies that what it saves is classified as personal information, according to the Frankfurter Rundschau.

Consequences unclear

Thomas Stadler, a Freising-based blogger and lawyer specialized in information technology and commercial law, said there is no doubt the data being collected by Easycash and others is personal.

“Ultimately, the entire purpose of (Easycash's) entire database is to determine the creditworthiness of specific people,” he told Deutsche Welle. “Sooner or later a personal connection has to be created; otherwise, the entire database would have no purpose.”

Under Germany's Federal Data Protection Act, storing, processing and/or transferring personal data requires a legal permit, according to Stadler.

“Otherwise it's not permissible… then they're violating the Federal Data Protection Act, making their database – the collection of data – illegal,” he said. “The question now is what the data protection authorities will negotiate with them.”

It's not clear what authorities will do should a court rule that Easycash has violated the law. According to Stadler, individuals would be given the right to demand data about them be deleted. Authorities, however, would not be able to confiscate or delete the database, but could penalise the company with repeat fines.

Author: Gerhard Schneibel
Editor: John Blau

DW recommends