The commercial register becomes a data slingshot for personal data

The commercial register is blank and all access restrictions to personal data are dropped. The reason for this is a new law.

A new law at EU level opens the doors to the commercial register and drops all access restrictions. A range of personal data is now unprotected and accessible to everyone on the web portal.

New law leaves the commercial register blank

All can be found under handelsregister.de since the beginning of August Retrieve entries easily via web form. This also includes sensitive personal data such as addresses, dates of birth and bank details. Some of the documents that are now publicly accessible even contain signatures.

Until recently, access to the documents in the commercial register required registration at the District Court of Hamm. There was even a fee for some documents. But since August 1st there has been a unified register information without access restrictions. The basis of this change is the law implementing the EU Digitization Directive, the aim of which is to simplify the “ formation of companies and the establishment of branches across Europe “.

A fine line between transparency and data protection

On the one hand, the change may seem sensible and bring a certain transparency to company information. Nevertheless, at second glance it turns out to be a significant data protection breach with great potential for abuse. Unredacted signatures, private addresses and dates of birth, as well as some personal account numbers and ID card verification numbers are data for which many a hacker group would take enormous risks. But with the commercial register, they can be viewed by anyone without any risk.

As reported by heise online, the state commissioner for data protection and freedom of information in North Rhine-Westphalia emphasizes that the portal of the commercial register has existed for a long time and is the only one The innovation is that “ that calls from the register are no longer subject to a fee and no user registration is provided. ” With reference to The authority emphasized the legal basis, which is anchored in the Commercial Code and the Commercial Register Ordinance, among other things, that the portal serves “ transparency in legal transactions and the associated effects on third parties. Therefore, the rights under the General Data Protection Regulation apply only to a very limited extent.

The Abuse potential is enormous

The security expert Lilith Wittmann announced via Twitter, a “ open source scraper and analysis tools for Lists of shareholders ” to build the “pretty crass treasure trove of data” to free“.

Joerg Heidrich, the data protection officer at Heise-Verlag, said he was at a loss about the current status of the commercial register portal: “I think that’s a crass one Failure of the legislature to weigh up legitimate demands for transparency on the one hand and the rights of those affected on the other. ”

Invisibility.info

Related Articles

Back to top button