The European Court of Justice (ECJ) is currently dealing with the credit reporting agency SCHUFA Holding AG (hereinafter: SCHUFA). The HBDI had previously rejected several complaints against the credit reporting agency SCHUFA, which were then appealed to the VG. The VG then referred several questions to the ECJ for a preliminary ruling. At the end of last week, the opinion of Advocate General Priit Pikamäe was published ( press release ). The ECJ is not bound by the Advocate General’s opinion; however, it has frequently followed it in the past by the ECJ – Update.
Background: by the ECJ – Update
The credit scoring score is a numerical value calculated . Credit agency that is intende to provide a prediction about a potential . Borrower’s future creditworthiness (forecast). The australia business fax list credit institution uses this to protect itself and manage default risks. This prediction depends largely on the information the credit agency uses to calculate the score. (Further background information can be found here .)
The Administrative Court of Wiesbaden referred the following eagerly awaited questions to the ECJ for a preliminary ruling:
1. Question of interpretation:
Does the automated creation of a SCHUFA score already constitute automated decision-making pursuant to Art. 22 (1) GDPR?
Advocate General’s assessment: Yes!
“[…] The Advocate General concludes that this provision [Article 22(1) GDPR] must be interpreted as meaning that the automated creation of a probability value regarding the ability of a data subject to service a loan in the future constitutes a decision based exclusively on automated processing – including profiling – which produces legal effects concerning the data subject or similarly significantly affects him or her, if that value, determined on the basis of the data subject’s personal data, is transmitted by the controller [credit agency SCHUFA] to a third controller [credit institution, online retailer in the case of purchase on account] and that third party, according to established practice, bases its decision on the establishment, implementation, or termination of a contractual relationship with the data subject on that value . […]”
Practical consequences?
In the context of requests for information, a credit agency such as SCHUFA generally relies on a key Federal Court of Justice ruling on the the network adapter is not installed or is out of dateprotection of the scoring formula (Federal Court of Justice of January 28, 2014 – VI ZR 156/13). According to the Federal Court of Justice, disclosure of the algorithm is not covered by the right to information due to the credit agency’s interest in keeping its algorithm confidential as a key business secret.
In particular, the weighting of individual calculation elements and the formation of any comparison groups are not subject to disclosure as content protected by trade secrets (see Guideline 3). Rather, only the basic assumptions of the algorithm’s logic must be disclosed.
In this case, it will be interesting to see whether the protection of the scoring formula established by the Federal Court of Justice can be maintained or whether the Federal Court of Justice’s case law will change.
Practical consequences?
If the ECJ follows the Advocate General’s opinion, this means that the SCHUFA information collected from the public insolvency register and used as the basis for the creation (i.e. the calculation) of a score value may not be taken into account for longer than storage in the public register itself is permissible.