Critics and data protection experts are raising serious concerns about the existence of a secondary database that operates outside the view of the public. The primary argument against this practice is that it fundamentally undermines the promise of transparency that Schufa has been promoting. If a company claims to be moving toward a more open and understandable scoring system, the discovery of a hidden, long-term storage of 'expired' data suggests a lack of genuine commitment to these principles. For many, this raises the question of whether the company is prioritizing its own business interests over the privacy rights of the individuals it tracks.
Legal experts point to the GDPR’s core principle of data minimization, which requires that personal data be kept only for as long as is necessary for the purposes for which it was collected. The fact that millions of citizens are unaware that their settled debts, past insolvencies, or other financial history are being stored for years after they should have been deleted is seen as a major breach of trust. Critics argue that even if the data is used for 'testing,' the lack of transparency regarding its existence prevents consumers from exercising their rights, such as requesting the deletion of inaccurate or outdated information.
There is also a broader accountability issue at play. When a private company holds such significant power over the financial lives of millions, the public expects a high degree of clarity regarding what data is held and how it is used. By keeping this database hidden from standard access requests, Schufa effectively prevents individuals from knowing the full extent of the information that exists about them. This lack of visibility makes it difficult for consumers to challenge potential errors or understand the full scope of their digital footprint, leading to calls for stricter regulatory intervention and mandatory disclosure of all data processing activities.
