Another significant milestone by Max Schrems - an individual who has fought the data protection tide for the last Decade, leveraging the EU's legal frameworks and GDPR legislation to wage a David vs Goliath battle against MNCs, Data Brokers and Government Agencies badly overstepping their mark.
In this case the credit reference agency CRIF buys the PII of millions of Germans from address trader Acxiom to assess their creditworthiness. The trade happens secretly and without the consent or notification of those affected. This in gross violation of the GDPR principle of purpose limitation and consent, and thus a breach of EU Law.
The Bavarian DPA (CRIF) has now ruled that not only have they breached GDPR, but that the credit agency responded to a Freedom of Information request with both incomplete answers and false information.
1 comment
[ 4.8 ms ] story [ 14.3 ms ] threadIn this case the credit reference agency CRIF buys the PII of millions of Germans from address trader Acxiom to assess their creditworthiness. The trade happens secretly and without the consent or notification of those affected. This in gross violation of the GDPR principle of purpose limitation and consent, and thus a breach of EU Law.
The Bavarian DPA (CRIF) has now ruled that not only have they breached GDPR, but that the credit agency responded to a Freedom of Information request with both incomplete answers and false information.