Of 35 online portals, 19 failed to properly deal with sensitive data in Germany, according to the survey. A top Justice Ministry official said there were "serious shortcomings" in social media and messenger services.
Many online platforms operating in Germany do not comply with the standards of the European Union's General Data Protection Regulation (GDPR), according to a survey commissioned by the Justice Ministry.
Read more: What is GDPR, the EU's data protection law?
"Nowhere near all the services have implemented the GDPR and certainly not completely," Justice Ministry Secretary Gerd Billen told the business daily Handelsblatt on Thursday.
The EU regulation went into force last May and set strict standards for data protection.
Billen pointed out "serious shortcomings" in social media and messenger services.
The survey, conducted by Göttingen University, examined 35 market-relevant services, including Facebook and Twitter, online retail outlet Zalando, reservation portal Booking.com and Deutsche Bank.
It looked at issues such as tracking, information on how personal data would be used and the creation of personality profiles.
Of the 35 online portals, 19 failed to properly deal with sensitive data.
"How the data that in fact require careful protection are handled, such as sensitive information on origin, health and political views, is often negligent," Billen told Handelsblatt.
cw/stb (dpa, Reuters)