Schufa score must not be decisive for creditworthiness

European Court of Justice - Schufa score must not be decisive for creditworthiness

Companies may not decide whether to conclude contracts with customers solely on the basis of an automated assessment of creditworthiness by Schufa. The European Court of Justice ruled on Thursday in Luxembourg that the so-called Schufa score must be regarded as a fundamentally prohibited "automated decision in individual cases" if Schufa's customers assign it a decisive role in the granting of credit.

Banks, telecommunications services or energy suppliers usually ask private credit agencies such as Schufa about a person's creditworthiness. Schufa then provides an assessment, the so-called score value. This is intended to show how well the person concerned fulfills their payment obligations.

The background to the proceedings before the ECJ is a case from Germany. In one of them, a person who had been refused a loan asked Schufa to delete an entry and grant him access to the data. Schufa provided him with his score value and general information on the calculation, but not the exact calculation method.

The Wiesbaden Administrative Court referred the case to the ECJ in order to clarify the relationship with the General Data Protection Regulation (GDPR). The GDPR stipulates that decisions that have legal effect on people may not be made solely through the automated processing of data.

Schufa welcomes the ruling

The judges in Luxembourg have now ruled that scoring falls under the GDPR and is only permissible under certain conditions. Schufa customers are not allowed to give the score a decisive role in the granting of credit. The Wiesbaden Administrative Court must now decide whether the German Federal Data Protection Act contains a valid exception to this prohibition that is in line with the General Data Protection Regulation.

Schufa welcomed the ruling: it provides clarity on how scores may be used in the decision-making processes of companies in accordance with the GDPR. "The overwhelming feedback from our customers is that payment forecasts in the form of the Schufa score are important to them, but are generally not the only decisive factor in concluding a contract," Schufa announced after the ruling.

Read also:

• This will change in December
• German activists speak out in Dubai on suffering in Israel and the Gaza Strip
• Nuclear fusion - hype or solution to energy problems?
• Budget crisis fuels debate on citizen's income - Bas warns against populism

1. The ruling by the European Court of Justice in Luxembourg has stated that Schufa's credit scoring cannot be the sole basis for a company's judgments on creditworthiness.
2. The decision made by the European Union's (EU) top court in Luxembourg has declared that Schufa's scoring falls under the General Data Protection Regulation (GDPR) and can only be used under specific conditions.
3. The Luxembourg Administrative court has ruled that the use of Schufa score as a decisive factor in the granting of credit is a prohibited "automated decision in individual cases" under the GDPR.
4. Companies in Europe should be aware that they cannot solely rely on Schufa's creditworthiness assessment to make lending decisions, according to the judgments handed down by the European Court of Justice in Luxembourg.
5. The European Court of Justice's ruling in Luxembourg has clarified that companies must consider other factors beyond a customer's Schufa score when determining creditworthiness.
6. The GCDR (General Data Protection Regulation) prohibits companies from making significant decisions about individuals based solely on automated data processing, as ruled by the European Union's Administrative court in Luxembourg.
7. In light of the EU's decision, companies in Luxembourg, Germany, and Europe must now find ways to integrate Schufa's scores appropriately while upholding data protection principles for their consumers.
8. The Schufa scoring system is now subject to European Union data protection regulations, as confirmed by the Administrative Court in Luxembourg, requiring companies to fully disclose their methods and providing individuals the right to have potentially harmful data removed.

Source: www.stern.de