On February 5, 2024, none of your business (NOYB) announced that in the proceedings filed by the NOYB against the credit reference agency CRIF GmbH and the address trader Acxiom Deutschland GmbH in Germany, the Data Protection Authority of Bavaria for the Private Sector (BayLDA) ruled that CRIF violated the General Data Protection Regulation (GDPR) and the Hessen data protection authority (HBDI) rejected an application by Acxiom to deny NOYB any access to the case files.

In particular, the NOYB stated, among other things, that the credit reference agency CRIF buys personal data such as the names, addresses, and dates of birth of millions of Germans from the address trader Acxiom and uses it to assess their creditworthiness. The trade happens secretly and without the consent or notification of those affected. According to NOYB, BayLDA, which is handling the proceedings against CRIF, held that CRIF processed the complainant's data contrary to the principle of purpose limitation and breached its duty to inform them about acquiring their data from Acxiom and the credit agency provided incomplete answers to a request for information from the complainant, and that it even provided false information.

Moreover, the NOYB stated that the BayLDA is currently conducting further proceedings against CRIF, in which it is examining a general ban on the purchase of data from address traders such as Acxiom.

You can read the press release here.