Data will bring you inquiry

Federal Ministry of Justice and Consumer Protection

Every company and every authority must provide you with all of the data stored about you in writing at your request. You also have the right to find out where the company got this stored data from, to whom this data was forwarded from there and for what purposes the data is stored.

Protection of privacy through data protection

The Internet has become the most important source for targeted searches for information. However, as great as the benefits of the World Wide Web are, the Internet also harbors risks - for our personal rights and the protection of our data.

By entering or automatically recording properties, preferences or behavior, we enable companies to create a comprehensive personality profile about us. Personal data in particular allows important conclusions to be drawn about our personality. Data are always personal if they can be used to establish a reference to a specific person - for example by assigning them to an identification number or properties that express their identity.

The Federal Data Protection Act (BDSG) protects our general personal rights and our right to self-determination by setting legal requirements and limits for the processing of personal data. Self-determination here means that each user can determine for himself what information is available about him and who knows what about him. One of the consumer's rights is that the BDSG grants us certain rights to information - and obliges public and non-public bodies to comply with these claims to information.

Information about stored data

Upon request, a company must provide information about the data it has stored about us. According to the Federal Data Protection Act (BDSG) you have the right to know

• what data is stored about you,
• where the company concerned got this data from,
• to whom the data was passed on and
• for what purpose they were saved (§ 34 BDSG).

If you would like to receive this information, you must contact the company concerned in writing and request information about your stored data, referring to your claim under Section 34 BDSG. Give the company a reasonable deadline (two to three weeks) to do so. To be on the safe side, you should send the letter by registered mail or fax with a confirmation of receipt.

You can also object to the use of your data for advertising purposes. Sample letters on requests for information and objections to commercial use can be found on the websites of the consumer advice centers and some data protection officers.

If the company does not respond to your request, you can contact the supervisory authority responsible for data protection. Their responsibility depends on the federal state in which the company is based. A list of the contact details of the data protection officers of the individual federal states for the non-public area can be found at the Federal Commissioner for Data Protection and Freedom of Information.

Information about data stored on Facebook

You also have the right to know from Facebook what data is being stored about you. This currently results from the EU data protection directive and the national data protection laws of the member states for the implementation of this directive. From May 2018, the right to information will be uniformly regulated throughout Europe in the EU General Data Protection Regulation. In addition to the request to the company, you can also get an overview yourself using the electronic retrieval. The corresponding download tool can be found at the bottom of the page, under the "Data protection" button. Select the last heading "Interactive Features" and display some of your data by clicking on "Download your data".

Information about when you clicked a "Like" button, for example, or when which friends were added, can be found in the activity log, which is located on your own home page (profile page) under the button of the same name.

Even if you do not use Facebook yourself, but still suspect that data about you is stored in the network - e.g. because friends have transferred their address books there - you can submit a request for the personal data to be released.

In addition to these query options, you will also find information about the type, scope and purpose of the collection and use of personal data in the data protection regulations of the respective company - and also whether the data is passed on to third parties.

Avoid unnecessary information about yourself on the Internet

When registering or ordering, please provide as little information as possible.

Ms. Meier has discovered the new book by her favorite British author. Rather unknown in Germany, not every bookstore has it in their range. Ms. Meier learns from her daughter that she can also order the essay online via mail order. Ms. Meier calls up the mentioned page. She quickly finds what she is looking for. After she has put the book in her shopping cart, a page with empty fields appears. Ms. Meier should enter various information in it; In addition to bank details, billing and delivery addresses, she will also be asked for her date of birth, gender and preferred type of book. Ms. Meier carefully fills out all fields and sends the order. Only in retrospect does she become suspicious: Would all this data really have to be given?

For an order from an online mail order company, information about payment methods, billing and delivery addresses would have been sufficient. The date of birth is not necessarily important, but could have an influence on the payment modalities (e.g. on the invoice). Nevertheless, companies often ask for it. Information about gender or preferred genre enables companies to gain more precise insights into our lives. With the help of this information, you can make your advertising even more targeted - and in turn increase your sales opportunities. Such data can also be profitably resold to other companies with personal details. You should therefore always make sure which fields are mandatory - that is, you must fill in them - and which are not, i.e. only optional.

Safe web surfing

Avoid traces of data in the network through "low-data surfing". Have you ever Googled yourself? To find out what data is stored about you on the Internet, you can simply enter your own name into a search engine. This then lists all the results that were found for you on the Internet. Also click on “Pictures” to see whether and if so, which photos of you are circulating on the net.

To stay safe on the Internet, you can take a few precautions: for example, install your browser's security updates regularly. And take a look at the presets too. What do they say about the use of cookies, pop-up windows and the like?

You should also be vigilant when sending and receiving emails. - As your emails are stored on your provider's server, you should choose this provider carefully. To do this, take a look at his general terms and conditions.

If you really want to be sure that nobody else reads your e-mail apart from you and the recipient, you should encrypt and sign your messages. Some providers have already integrated very simple, optional end-to-end encryption into their e-mail products, which you can conveniently use as standard.

Safe in social networks

Especially social networks like Facebook and Co. store a lot of our personal data.
According to the Telemedia Act (TMG), service providers are obliged to enable use - as far as technically possible and economically reasonable - anonymously or under a pseudonym. However, many social networks require real names to be used for registration.
Facebook also uses this “clear name requirement”. When registering, the company checks the authenticity of a name - and blocks the corresponding account if the name turns out to be false. The courts are currently examining whether this Facebook approach is lawful.
Also take a look at the terms of use of the providers. There is a lot that most users of social networks are not even aware of.

Safe use of apps

When you download and use apps (mobile applications) on smartphones or tablets, a range of personal data is processed. It is possible that when you download an app, the data from your personal address book is saved and evaluated on another server. The apps often require consent to the processing of personal data that is not required for using the app. Why does a flashlight app need to access your personal address book or enable geolocation? Since you carry the mobile device with you at all times, particularly sensitive data such as your whereabouts can be affected. A comprehensive movement profile of the user can be created from this. Find out about data processing before downloading an app. Only give your consent for data processing that is necessary for the use of the app.

Use of various Internet services from a single source

Some companies offer various Internet services from a single source, e.g. Google, Apple or Microsoft. For example, with Google you can use a search engine with the various Google services, look at maps, download an app from the app store or send and receive emails. What may seem practical to the user at first glance also harbors dangers: Companies can use the combined user data to create extensive personality profiles. If a service is used anonymously, but another service from the same provider is used under the correct name, this information is merged and, so to speak, "de-anonymized". From a data protection point of view, it is therefore better to use different providers for different services.

Further information

additional Information

Legal and Law

Brochure on the subject

Guide through the digital world

This brochure builds on the experiences of older internet users and, with funding from the Federal Ministry of Consumers, shows the advantages that the use of the digital world can bring.