The Big Brother Awards once again pillory state and private data octopuses. Lieferando and Klarna don’t think that’s fair. The involuntarily honored defend themselves self-confidently.
Anyone who is happily expecting an order from a delivery service or has requested a transport service can use the app to track where the food or the trolley is at the moment. This only works because the rider can be located on the bike or in the car at any time via GPS via satellite. This seems quite normal today, also because it is very practical.
The civil rights activists from Digitalcourage denounce this technology at the restaurant delivery service Lieferando and give it one of five Big Brother awards for “data octopuses”. The winners of the unloved award are informed in advance, but are left in the dark about the exact reasons given by the jury of data protection experts. They will only start this Friday from 6 p.m. with the live broadcast ceremony publicly.
In the case of the popular delivery service Lieferando, the Digital Courage jury denounced the “inadmissible total control” of the “riders”. The app they use collects “a wealth of behavioral data in detail and to the second”, namely “in addition to the time of collection in the restaurant and handover to customers, a location determination every 15 to 20 seconds”. From the jury’s point of view, Lieferando is “only the tip of the iceberg of companies from the “platform” or “gig economy” that make a job dependent on employees providing them with a wide range of personal data.” Sounds bad, but is it also a violation of regulations?
Lieferando rejects allegations
The Big Brother jury quotes from an expert report by the state commissioner for data protection and information security in Baden-Württemberg on the “Scoober” driver app: “The extremely close monitoring of the user (transmission of the GPS location approx. every 15 to 20 Seconds to Scoober) is unnecessary and therefore illegal employee monitoring (according to § 26 Para. 1 BDSG and Art. 88 DS-GVO)”.
The spokesman for Takeaway Express GmbH, which employs the Lieferando drivers, “would have liked to have explained the app to the jury”. But there was no interest in that. Company spokesman Oliver Klug said at the request of the star. “The driver app complies with the applicable data protection regulations and the determined locations and times are essential for the proper operation of our delivery service. For example, to assign orders to drivers in order to provide them with integrated navigation (using Google Maps Navigation), and thus restaurateurs and Consumers can check the status of their order.”
The allegation of an “inadmissible total control” of the employees is taken very seriously and resolutely rejected. The works council has repeatedly received insights into how the driver app works and data processing.
Klarna also in the pillory
The popular payment service provider Klarna (according to its own statements, more than 400,000 merchants and more than 150 million customers worldwide) also received a data octopus Oscar. The justification is: “Klarna pools data and power in a non-transparent way as a shopping service, payment service provider, price comparison portal, personal finance manager, credit checker and bank.”
On request, Klarna assures that it acts in accordance with the law: “In accordance with the European General Data Protection Regulation, we are committed to protecting the personal data of our customers and making it clear at all times what data we collect and how we use it. We provide We also ensure that the data is only used and stored for limited purposes and only for a certain period of time. Our customers can also request a copy of their personal data and have their data corrected and deleted at any time.”
If you find so much financial data in one hand uncanny, you could alternatively simply distribute your financial services (money accounts, credit card, payment app) to several providers.
Do citizens become endangered for no reason?
Every crime scene viewer knows how much data the police have access to, either directly or at the request of the public prosecutor. The “German police, represented by the Federal Criminal Police Office” will also receive a Big Brother Award in 2022 “for the way in which personal data is stored and used in files”. Contrary to the requirements of constitutional and European law, data would not be marked or would be insufficiently marked. As a result, there is a risk that millions of people will be unfairly treated as dangerous or criminals by the police or other authorities.
It should actually be clearly recognizable from stored data whether someone is a criminal, suspect, victim, witness, whistleblower or contact person. However, the police authorities have still not fully implemented these legal requirements.
As of June 2021, the Bavarian police had 1,644 football fans on record, although no specific accusation was made against them and most of them didn’t even suspect anything – solely on the basis of an “individual prognosis” by the police. The jury’s laudatory speech said: “It is enough to suspect that someone could commit a crime in the future to end up in the file.”
The Federal Criminal Police Office (BKA) replies that it deals with data “on the basis of the applicable laws and in accordance with European legal requirements”. This also includes the implementation of the complete labeling of the collected personal data in the police information system according to the specifications of the Federal Constitutional Court. Indirectly, the BKA confirms that it has by no means done its homework: “There are legal transitional regulations and requirements until the final start of operations.”
As the only winner, the Federal Criminal Police Office announced that it would “not attend” the award ceremony in Bielefeld.
The crypto world is also getting its fat off
The state-owned Bundesdruckerei GmbH gets its fat this year for using a trendy technology, “for the senseless use and promotion of blockchain technology, which is not only energy-guzzling, but can also have consequences for data protection”. The blockchain, a type of digital accounting for crypto transactions, is usually mentioned in connection with so-called crypto currencies such as Bitcoin. However, the Big Brother jury does not like a project by Bundesdruckerei to “prove the authenticity of school reports with the help of blockchain”.
According to a spokesman for Bundesdruckerei, the “digital school certificate project” is a test in three federal states. The blockchain used is operated exclusively in certified public data centers. The system consumes only a fraction of the energy of other blockchain systems. The protection of student data is guaranteed: “No certificates are stored in the blockchain, only checksums, so-called hash values, for later verification of the authenticity of the certificates.”
Oasis for surveillance capitalism
Digital courage and the Irish data protection supervisory authority DPC (Data Protection Commission) are actually in the same business. But the Big Brother jury awarded the notoriously underfunded and lax agency headed by Helen Dixon a special “lifetime achievement” award “for their ongoing sabotage of efforts to enforce European data protection law.” Ireland has “developed under the authority’s care into an oasis for business models of surveillance capitalism by Facebook, Google, Apple, Microsoft, Oracle and Salesforce”.
The supervisory authority does not fulfill its task in various ways: Complaints against large digital groups are simply left alone or complainants are excluded from the procedure. In January 2021, the LIBE Committee of the European Parliament (responsible for civil liberties, justice and home affairs) opened EU infringement proceedings against Ireland with good reason. The DPC missed the opportunity to comment.