CRIF Austria responded swiftly to “noyb” injunction in a statement on December 4th 2023 that it does not use address data from “AZ Direct” for credit rating information!

“The data protection initiative “noyb” announced today that it has filed an injunction against CRIF and falsely claims in its report (https://noyb.eu/de/noyb-sues-crif-and-az-direct-illegal-and-secret-dataprocessing) that CRIF continues to use address data purchased from “AZ Direct” to assess creditworthiness, despite two other decisions by the data protection
authority.

CRIF rejects this statement as untrue. Known by “noyb”, CRIF has not used any address data from AZ Direct to assess creditworthiness since 17 October 2023.  This is done voluntarily and regardless of the outcome of the proceedings with the data protection authority, which are ongoing due to objections.

Address data from “AZ Direct” is used exclusively for identity verification in compliance with all data protection regulations.
The injunction action filed by “noyb” is therefore unfounded and without merit, and CRIF will also inform the responsible authorities regardingly.”
                                                           ———————–
Press inquiries:
Mag. Ruth Moss
CRIF GmbH
Rothschildplatz 3/Top 3.06.B, A-1020 Wien
Mobile: +43 676 897 169 520
Email: r.moss@crif.com
c/o KRAFTKINZ Powergroup GmbH
Pamela Schmid-Graf
Mobile: +43 660 15 17 597
Email: crif@kraftkinz.com

Background:  NOYB Sues CRIF and AZ Direct for Illegal and Secret Data Processing (published by BIIA December 8th 2023)

noyb has filed a lawsuit against the credit reference agency CRIF GmbH and the address trader AZ Direct. The companies secretly trade the address data of almost every adult in Austria. By doing so, CRIF obtains information that was actually collected for advertising purposes – in order to calculate credit ratings. As the Austrian data protection authority confirmed in two decisions, this violates the GDPR. noyb is now suing for injunctive relief and damages, among other things.

Data protection violations as a business model. The address trader AZ Direct (part of the Bertelsmann Group) regularly provides personal information such as name, address, date of birth and gender of Austrians to the credit reference agency CRIF. This is illegal, as address publishers are only allowed to share this data for advertising purposes. In reality, however, CRIF uses the data to calculate people’s (supposed) creditworthiness. This can have far-reaching consequences, such as the rejection of contracts or poorer conditions when granting loans.

Unlawful data trading simply continued. The Austrian data protection authority (DSB) has confirmed in two decisions (following a noyb complaint) that this practice is unlawful: the secret data trading is not compatible with the data protection principle of purpose limitation and takes place without a suitable legal basis in accordance with the GDPR. Despite this clear position, the authority has not yet taken any measures to stop the illegal data processing. noyb has therefore filed a lawsuit with the Vienna Regional Court for Civil Matters on behalf of seven affected persons.

Max Schrems, Chairman of noyb“AZ Direct and CRIF continue to illegally profit from the data of millions of people in Austria – and the data protection authority has so far done nothing to put a permanent stop to this illegal data trading. We therefore see no other option than to turn to the civil courts.”

Injunction, damages and restitution of the enrichment demanded. The aim of the lawsuit is to obtain an injunction. CRIF and AZ Direct should be prohibited from continuing with the illegal data processing. In addition, noyb is demanding non-material damages for the data subjects whose data has been processed secretly and unlawfully for years. Last but not least, the two companies have unlawfully enriched themselves through the data processing. CRIF and AZ Direct must therefore explain how much money they have earned per data subject and then hand over this money.

Max Schrems: “CRIF and AZ Direct are trading millions of data records behind the backs of the data subjects without obtaining the necessary consent. We are convinced that appropriate compensation will have to be awarded here.”

Just the first step. The lawsuit with seven affected individuals is just the beginning. CRIF holds the data of millions of people in Austria, most of which originates from address publishers such as AZ Direct. In most cases, the people affected know nothing about this, as neither AZ Direct nor CRIF fulfil their obligations to provide information under data protection law.

Source: NOYB – European Center for Digital Rights

About NOYB:  NOYB – European Center for Digital Rights (styled as “noyb”, from “none of your business”) is a non-profit organization based in Vienna, Austria established in 2017 with a pan-European focus. Co-founded by Austrian lawyer and privacy activist Max Schrems, NOYB aims to launch strategic court cases and media initiatives in support of the General Data Protection Regulation (GDPR), the proposed ePrivacy Regulation, and information privacy in general.[1][2] The organisation was established after a funding period during which it has raised annual donations of €250,000 by supporting members.[3] Currently, NOYB is financed by more than 4,400 supporting members. (Source Wikipedia).  NOYB is based in Austria.