The civil rights organization Digitalcourage has awarded the “Data Kraken of the Year”. In focus: DHL Packstations, data from online sellers and bank customers as well as video telephony from Zoom and Microsoft.
The parcel notification card in the mailbox is one of the last refuges of analog everyday life. If you present the card and ID, your parcel will be handed over to you at a post office or DHL shop. Deutsche Post DHL wants to take away this freedom from more and more customers.
With one of this year’s Big Brother Awards for “data octopuses” the civil rights organization Digitalcourage draws attention to this. The unpopular anti-prizes will be presented in Bielefeld this Friday. In addition to the “digital compulsion” at DHL, data storage by online private sellers, insecure transmission of bank customer data and the video services Zoom and Microsoft Teams are also recognized.
At certain Packstations there is “digital compulsion”
DHL has converted its packing stations so that you can no longer pick up a package there without a smartphone and the Post & DHL app. And according to Rena Tangens from Digitalcourage, it “sends data to tracking companies without being asked”. That is illegal.
In the case of newer packing stations without a display, “Swiss Post now cheekily uses the customer’s smartphone for data transmission between the packing station and the post server,” the price justification goes on to say. The collector has to establish a Bluetooth connection for this, which might challenge, if not overwhelm, some users. Conclusion of Rena Tangens: “This digital compulsion deserves special criticism, because here a former state-owned company excludes citizens from an important basic service.”
“We are very well aware that there are also customers for whom the use of the app-controlled Packstations may initially seem to take some getting used to,” says Deutsche Post DHL spokesman Stefan Hess star and refers to “numerous delivery options”. Depending on where you live, this may also mean longer distances if the nearest parcel shop is further away than a packing station.
Data from online retailers is stored for 10 years
Since the beginning of the year, anyone who makes more than 30 sales per year on Ebay and other platforms or has a turnover of more than 2000 euros has been sharing the relevant data with the tax office. The operators have to share their name, date of birth, address, tax identification number and bank details with the financial authorities, as well as the sales prices and fees and commissions. The Platforms Tax Transparency Act (PStTG) stipulates this.
The jury also justified the Big Brother Award with the long storage of the data by companies and tax authorities: “The law therefore requires ten years of double data retention. And this even though there is no tax liability for most private sales – even if they exceed the completely arbitrary reporting threshold .”
According to the Income Tax Act, private sales of “everyday objects” and things that are more than one year old are not taxable. So why this hunger for data? The Federal Ministry of Finance “as a matter of principle does not comment on external press releases or announcements”. The law serves “to implement the relevant EU directive into national law”.
Security
The main thing is that we all fall for these password myths
When changing accounts, sensitive items fall into the wrong hands
Anyone who changes their checking account can involuntarily make acquaintance with a Big Brother award-winning company that, according to Digitalcourage, carelessly handles sensitive financial data. According to Digitalcourage, the fintech service provider Finleap Connect has been incorrectly sending information about changing accounts to companies that have nothing to do with the process for years. This involves, for example, changing current direct debits. Names, dates of birth and new account numbers and even scanned signatures of bank customers would fall into the wrong hands.
According to Digitalcourage, Finleap Connect ignored “repeated references” to the data leak. At the request of star the Hamburg company admits the allegations and speaks of an “incident of suboptimal allocation of certain data records, which in 2021 for a short time in the absence of a short-term check of the end customer led to incorrect data being forwarded from end customers to payment providers, but this was rectified after a very short time and about which we immediately informed the responsible data protection authority”.
Finleap Connect is silent on the number of affected customers. It seems unlikely that the source of error was completely eliminated by “maintaining significant usage instructions for end customers”. Because at Digitalcourage, a number of stray letters full of private information have arrived in the last few months. Anyone who is going to change their bank in the near future should therefore ask whether Finleap Connect handles the data with the “account switching service”.
Free zooming is paid for with data
Boomers used to think of cameras or the song by Klaus Lage (“A thousand and one nights – and Zoom made it”) when they heard the Anglicism “Zoom”. Since the Covid pandemic, the words zoom and zoom have come to stand for video conferencing. The Big Brother jury criticizes the large amount of data that is collected and processed by all participants in a video conference: “Zoom is an attempt to draw people who want to communicate with each other in a video conference into the maelstrom of surveillance capitalism.”
The US company Zoom Video Communications Inc. also received the Big Brother Award because, as a US company, it had to forward data to secret services, but still claimed to be GDPR-compliant (GDPR stands for General Data Protection Regulation). The jury also complained about “Chinese control and censorship” at Zoom, since the “700-strong development department” is in China. A Zoom spokesperson does not specifically address and respond to these concerns star-Question vague: “Especially with a view to the requirements in Germany and Europe, we have invested resources in the expansion of our data protection measures in recent years and will continue to push this forward.”
Digitalcourage at Microsoft has similar doubts about the handling of customer data due to US laws. The IT giant (“Teams”) has been denounced with the protest prize for the second time since 2002. “It doesn’t matter what nice promises they make in their privacy policy. Companies are not even allowed to inform those affected if they have passed on data,” concludes the Big Brother jury.
The press office of Microsoft Germany reacts to star-Request with the following statement, which is worth reading carefully: “Microsoft has already largely stored customer data regionally in data centers in the EU and since January 1st, 2023 our EU-based customers from the public sector and corporate customers have been able to import data from Microsoft 365 , Microsoft Azure, Power Platform and Dynamics 365 within the EU and also process it.” Mind you, private customers are not mentioned.
For digital courage, services from US providers such as Zoom, Microsoft, but also Google and Facebook “cannot be used legally in Germany and Europe”. For European customers, there is uncertainty as to which US secret service will ultimately have access to the data in the cloud. European providers remain as an alternative.