Does Schufa violate EU law with its scoring?
The credit check from the Schufa decides in many cases on the creditworthiness of people. For this purpose, the credit agency creates a score that includes various aspects in the calculation. But exactly this score could violate EU law.
Schufa has been struggling with criticism for some time. Above all, the lack of transparency in the classification of people by the Schufa is a central issue here.
Last year, the credit agency then launched a transparency offensive. Because after the general overhaul of the logo and website, Schufa published almost all the information on how their so-called score is composed. A score simulator followed just a few months later, which was supposed to explain the calculation by the Schufa.
But it is precisely this score that is now being criticized again and could even violate applicable EU law. That has a Opinion of the ECJ Advocate General Priit Pikamäe result.
Contents
Is Schufa no longer allowed to create a score?
Advocate General Priit Pikamäe delivered his opinion before the European Court of Justice on Thursday. In it he stated that the automated calculation of creditworthiness by Schufa was “profiling within the meaning of the GDPR”.
However, the GDPR enshrines the right that such decisions – such as those on creditworthiness – may not be processed exclusively automatically.
This is to prevent machines from making decisions about people. However, that is the case with the Schufa score, as the Advocate General estimates. This also applies if a person decides on the final granting of a loan afterwards – for example at a bank.
That’s behind the process
One of the cases at hand concerns a legal dispute between a citizen and the state of Hesse. The citizen was denied an applied for loan due to the score value calculated by the Schufa.
The citizen then asked for the underlying data to be deleted. However, the Schufa only answered with an explanation of how the score value is composed.
The citizen did not receive any information about the information that had been included in his calculation. The credit agency reasoned that the calculation of their score was subject to commercial secrecy.
A second case relates to the discharge of residual debt after insolvency. Information on insolvency is made public by the insolvency courts, but is only stored there for half a year. Schufa, on the other hand, keeps the entries in its files for up to three years.
However, the exemption from residual debt is intended to enable those affected to participate in economic life again. This goal is thwarted by the long storage of the Schufa.
What does the report mean for the Schufa?
First of all, the opinion of the Advocate General is not binding for the judges of the ECJ. However, it is often the case that they follow these in their decision-making. This could be the case in the coming months.
However, the Advocate General does not consider the storage of data by a private credit agency to be compatible with the GDPR. This applies in particular to personal data about an insolvency that has already been removed from the public registers.
In addition, the GDPR grants the right to delete personal data if – for example a credit agency – “processes it unlawfully”.
Also interesting: