Since August 1, the commercial and other central registers have been open to public inspection without cost or registration. Since a lot of sensitive data can be found here, the opening up has provoked criticism. Especially the facilitation of identity theft is pointed out.
German Association for Data Protection calls for shutdown
Data protection associations have already pointed out that the personal data on companies and associations made freely available as part of the digitization of entries in the respective registers made abuse much easier. For example, data such as the date of birth, address, bank details and signatures of persons responsible for all registered companies, clubs and associations can now be accessed largely without any hurdles. This makes it easier to impersonate these persons.
The German Association for Data Protection, one of several data protection associations in Germany, has therefore called for the platform to be shut down or at least for access to some essential data to be restricted immediately. In this context, Chairman Frank Spaeing pointed to the aforementioned risk of identity theft as well as other offenses that would be facilitated by the free registers. Furthermore, he pointed out that this would counteract essential objectives of the EU Data Protection Directive.
Board member Thilo Weichert supplemented these remarks with a critique of the data protection policy of the federal government, which is no longer in office, in recent years: “The old federal government implemented the GDPR in many respects in disregard of European law requirements. A timely correction is urgently needed. In order to prevent the misuse of online data in the short term, those affected should at least be granted a right of objection with regard to the publication in the register of particularly sensitive individual details.”
Lilith Wittmann supports criticism
The hacker Lilith Wittmann, who works for the collective Zerforschung as well as bund.dev, among others, joined the criticism on Twitter. She claimed to have generated a 100 GB dataset via scraping from the platform, which she originally intended to make publicly available. However, out of concerns similar to those raised by the German Privacy Association, she ultimately decided not to share it. “Actually, that’s not our idea of #OpenData. So for now, only giving a few people access to a dataset.
However, at the moment we do not see ourselves in a position to assess what social risks such a dataset poses,” she wrote on Twitter.