D:Credit scoring and data protection

New transparency rules in the area of credit scoring have been applicable since April 1, 2010.

According to such rules, companies must disclose with which method a score value (i.e., a credit value) has been calculated. In particular, they may not base this value exclusively or predominantly on the residence of the debtor. The change was hotly contested in the legislative proceedings, such that the adherence to the regulation is thoroughly in the public interest.

Within the framework of the awarding of contracts, many companies cooperate with the SCHUFA credit inquiry agency (protective association for general credit protection) and frequently receive from such source credit values in automated processes, which are crucial for the awarding of loans and the conclusion of agreements.

After the Independent State Center for Data Protection (Unabhängige Landeszentrum für Datenschutz, ULD) in Schleswig-Holstein recently inquired from SCHUFA information regarding the calculation of the credit values and regarding the credit scoring system that it operates, such information was - according to a report of the ULD - not disclosed. Moreover, the necessary information on the calculation fundamentals was obviously not being made available to other data protection commissioners.

Against this backdrop, it would be more than questionable that savings banks, banks and other companies want to comply with their legal transparency obligations in respect of their customers under the new legal situation. If there is no disclosure of the calculation methods and the calculation basis of a service provider that supplies the credit data, or at least calculates a fully substantial component of the credit evaluation, it is also the case that the inquiring company cannot provide reliable information.

Thereby, a disclosure of the formula for the calculation of the probability value is not legally necessary. It is sufficient if the companies, in accordance with § 34 para. 2, s. 4 of the Federal Data Protection Act (Bundesdatenschutzgesetz), immediately refer the parties concerned with the disclosure to the office responsible for the calculation - in this case, SCHUFA.

Therefore, it remains to be seen whether the calculation models and the fundamentals in credit scoring will remain in secrecy in the long term. In case of need, the courts must also make decisions on this and enforce the legal position.

Companies requiring credit information are surely well-advised to consider the new transparency rules upon contract formation, and to agree upon appropriate disclosure obligations with the credit agencies.