With Europe’s new data protection law coming into effect this week, activists are aiming to turn the tables on big companies that have long harvested data on customers.
According to a report in Reuters, activists are requesting massive amounts of data from SCHUFA, the German personal credit rating agency, via the Freedom of Information Act, in an effort to determine the secret algorithm it employs to calculate consumers’ risk levels.
Although there are laws on the books that let individuals see the data companies have about them, the General Data Protection Regulation (GDPR) has more power behind it. Reuters noted that the law requires companies doing business in the European Union’s 28 member states to offer up the data for free, in a manner that can be understood. There are stiff fines of up to 4 percent of a company’s annual turnover for failing to comply.
The report noted that the activists, going by OpenSCHUFA, have recruited more than 20,000 volunteers to ask SCHUFA for their personal data. Armed with the information, a group of data scientists will reverse-engineer the results and release the findings in a published report in June.
“By getting thousands of people involved, it’s already a success,” said freedom of information activist Arne Semsrott.
SCHUFA told Reuters that the activists’ campaign is misleading, as it has provided its credit scoring method to German authorities.
In late April, the law firm McDermott Will & Emery collaborated with the Ponemon Institute to assess how U.K. businesses are preparing for GDPR. They found that many will miss the May 25 deadline as they struggle to overcome challenges related to key components of the new rules, including data breach notification.
According to McDermott’s report, 52 percent of companies surveyed said they will be compliant by the May deadline. Forty percent, however, said their compliance will come after that deadline, and 8 percent were not sure when they will be fully compliant with the new rules.