SCHUFA assesses the financial standing of consumers without being asked to do so and makes this data available to the business community. At the same time, the legal system has decided that it is the consumers‘ responsibility to control this activity. SCHUFA (Schutzgemeinschaft für allgemeine Kreditsicherung) is a central player in the German financial system that plays a crucial role in assessing the creditworthiness of private individuals and companies. The data collected by SCHUFA influences not only the granting of credit, but also rental contracts and other financial services. In this context, SCHUFA is in the field of tension between protecting consumer rights and the need to minimise risks for financial institutions. SCHUFA has significant power in the German financial system and significantly influences the lives of many consumers. In other words, ‘SCHUFA has more power than mother-in-law.’
Historical background
SCHUFA was founded in 1927 to protect creditors from bad debt. At a time when industrialisation and lending were on the rise, a reliable credit rating mechanism was essential. SCHUFA initially served as a protective association that collected data on solvency and provided creditors with an informed basis for decision-making.
Over the years, SCHUFA expanded its activities and began collecting more comprehensive data sets on individuals and companies. Digitalisation in the 2000s allowed for the automation of processes, bringing both advantages and new challenges. Reliance on automated decision-making can potentially lead to injustices.
Legal framework and regulation – General Data Protection Regulation (GDPR)
The introduction of the General Data Protection Regulation (GDPR) in May 2018 fundamentally changed the legal framework for data processing in Europe. The GDPR sets strict requirements for the handling of personal data and significantly strengthens consumer rights. The central principles include:
Data belongs to consumers in the first instance. Their data may only be collected for legitimate purposes and may only be processed to the extent necessary.
Rights of the data subjects: Consumers have the right to access their data, to correct inaccurate entries and to delete data, as well as to claim damages.
A central aspect is the right to claim damages under Art. 82 of the GDPR. This gives affected individuals the right to claim damages in the event of unlawful data processing. Legal rulings have shown that the transfer of positive data without a sufficient legal basis may violate the GDPR. On 25 April 2023, the Munich I District Court ruled that the disclosure of such data constitutes a disproportionate infringement of the right to data protection. In 2024, the Federal Court of Justice ruled that a claim for damages always exists if an entry is unlawful.
National data protection laws
In addition to the GDPR, SCHUFA is subject to specific German data protection laws that supplement European norms. These laws govern, among other things, the processing of data for credit checks. Consumers can file complaints with regulatory authorities or take legal action in the event of data protection violations.
Functionality of SCHUFA
Data collection and processing
SCHUFA collects data from various sources:
Banks and credit institutions
– Mobile phone providers
– Mail order companies
– Collection agencies
Every time a consumer interacts with these institutions, information may be transmitted to SCHUFA. This data is summarised in a so-called SCHUFA score, which reflects the probability that a person will meet their financial obligations.
Impact of the SCHUFA score
The SCHUFA score has far-reaching effects on:
Positive scores: A high score indicates reliability and facilitates access to credit and other services.
Negative scores: A low score can restrict access to financial services and result in higher interest rates. Factors such as payment defaults or high levels of debt have a negative impact.
Transparency and consumer rights
Consumers have the right to request information about their data stored by SCHUFA once a year free of charge. This information enables them to identify errors and, if necessary, have them corrected.
Criticism and controversy
The information provided offers a comprehensive overview of the legal basis and requirements for claims for damages against SCHUFA, particularly in the context of data transmission.
Statistical data on data accuracy and the impact on consumers
1. Error rate in SCHUFA data
According to a study by the Federation of German Consumer Organisations (vzbv) from 2021, about 30 percent of respondents said that they had already had problems with incorrect entries at SCHUFA. This shows that a significant number of consumers are affected by inaccuracies in their credit data.
2. Impact on lending
A survey by the Institute for Financial Services (iff) showed that 20 percent of borrowers have not received credit due to a negative SCHUFA score. This figure illustrates how strongly SCHUFA’s decisions can influence consumers‘ financial lives.
3. Consumer perception
In a survey conducted by the market research institute YouGov, 45 per cent of respondents stated that they feel unsure whether their data held by SCHUFA is accurate. This insecurity can lead to a feeling of powerlessness and undermine trust in the system.
4. Legal action
According to a survey conducted by the German Bar Association (Deutscher Anwaltverein, DAV), in 2022 about 10 percent of consumers who had a negative entry in the SCHUFA took legal action to challenge inaccurate data. This shows that many of those affected are willing to actively demand their rights, although this is often associated with high hurdles.
5. Claims for damages
An analysis of the number of lawsuits shows that in 2023, about 15 percent of lawsuits against credit bureaus like SCHUFA were aimed at claiming damages for inaccurate data.
The statistical data illustrates the far-reaching effects of incorrect or inaccurate SCHUFA data on consumers. The high error rate and the associated financial disadvantages lead many people to take legal action to enforce their claims. At the same time, surveys show that there is considerable mistrust regarding the accuracy of the stored data.
Privacy concerns
The extensive collection of data has raised concerns about data protection. Critics fear that SCHUFA creates detailed profiles that go beyond the actual purposes of credit assessment.
Automated decision-making
The use of automated systems to calculate scores raises questions about fairness and transparency. The GDPR requires that data subjects must have the right to a manual review of such decisions. Accordingly, the ECJ has strengthened consumers‘ rights.
Legal rulings on SCHUFA
There have been several important rulings regarding the legal framework for claims for damages against SCHUFA. Here are a few examples.
Munich I Regional Court: On 25 April 2023, the court ruled that the disclosure of positive data by mobile phone providers to SCHUFA violates the GDPR if there is no sufficient legal basis.
Frankfurt Regional Court: In a ruling dated 19 March 2024, the court found that there is a claim for damages against SCHUFA if positive data was transmitted without a sufficient legal basis.
Tips for consumers
If you consider a SCHUFA entry to be unlawful, there are several legal steps you can take to enforce your rights. Here are the most important steps and tips that can help you clarify your situation and, if necessary, assert claims for damages.
1. Checking SCHUFA data
1.1. Requesting self-disclosure
First of all, you should request your free self-disclosure from SCHUFA. This is possible free of charge once a year and allows you to view all the data stored about you. Check the entries for correctness and completeness.
1.2. Identify incorrect entries
Pay particular attention to entries that may be out of date or incorrect, such as false personal data or contracts that no longer exist. These can have a negative impact on your creditworthiness.
2. Contacting SCHUFA
2.1. Objection to the entry
If you discover an incorrect entry, you should immediately object to SCHUFA in writing. Enclose all relevant documents that support your point of view (e.g. contracts, proof of payment). SCHUFA is obliged to check your objection and respond to you within a reasonable period of time.
2.2. Setting a deadline
Set SCHUFA a deadline for clarifying the matter (e.g. two to four weeks). Keep good records of all correspondence.
3. Complain to the supervisory authorities
If SCHUFA does not respond to your objection or does not remove the entry, you can file a complaint with the relevant data protection supervisory authority. This authority can check whether a data protection violation has occurred and take appropriate action.
4. Taking legal action
If all other steps are unsuccessful, you can take legal action:
Lawsuit for deletion: You can file a lawsuit demanding that SCHUFA delete the incorrect entry.
Claim for damages: According to Art. 82 GDPR, under certain conditions, you have the right to claim damages for immaterial damages (e.g. stress or stigmatisation) as well as for material damages (e.g. higher interest rates due to a poor score). However, concrete evidence of the damage suffered must be provided. In addition, the Federal Court of Justice ruled at the end of 2024 that there is also basic compensation without proof of damage.
5. Tips for enforcing your claims
5.1. Documentation: Keep all relevant documents and correspondence to support your claims. Please do not rely on telephone conversations with institutions such as hotline calls. Write letters if possible.
5.2. Legal advice: Use legal advice to ensure that you take all necessary steps correctly.
5.3. Be aware of deadlines: Be sure to meet all deadlines, especially when filing complaints or lawsuits.
5.4. Seek publicity: In some cases, it can be helpful to draw public attention to your concerns (e.g. through media reports) to put pressure on SCHUFA.
Challenging an unlawful SCHUFA entry requires careful preparation and knowledge of the legal framework. By actively exercising your rights and, if necessary, taking legal action, you may be able to remove an unjustified burden on your creditworthiness and, if applicable, assert claims for damages. It is advisable to seek the assistance of a lawyer in complex cases to ensure the best chance of success.
6. Requirements for compensation – example case
A consumer named Holger Meier from Munich took out a mobile phone contract that also included the transmission of his positive data to SCHUFA. After paying his bills on time, he later learned that this information was stored at SCHUFA. He felt that this was an unjustified intrusion into his privacy and sued for damages.
The district court then examined the legal basis for the transfer of his data. Schufa argued that it had a legitimate interest in preventing fraud in accordance with Article 6 (1) (f) of the GDPR; however, Meier pointed out that the loss of control over his data had caused him non-material damage. The court ruled in his favour in part; however, it found that the claim for damages was only minor because he had not suffered any demonstrable economic disadvantage.
In order to claim damages from SCHUFA, several legal requirements must be met. These are based on the provisions of the General Data Protection Regulation (GDPR) and are shaped by the case law of German courts and the European Court of Justice (ECJ). Here are the main points to keep in mind:
6.1. Active and passive legitimation
Active legitimation
The affected person whose rights have been violated by the data processing has the right to take action. This means that only the person whose data is affected can claim damages.
Passive legitimacy
The SCHUFA or the contractual partner who transmitted the data has the passive legitimacy. These parties are responsible for the data protection violation and can therefore be held liable.
6.2. Violation of the GDPR
A crucial point for the claim for damages is the existence of a violation of the GDPR. This may be the case, for example, if:
positive data has been transmitted without an appropriate legal basis.
The transmission of personal data is not justified by consent or a legitimate interest.
Courts have found that the blanket transfer of positive data without specific cause in particular constitutes a data protection violation (e.g. judgment of the Munich I Regional Court of 25 April 2023).
Under the GDPR, the transfer of personal data always requires a legal basis in accordance with Art. 6 GDPR. Possible justifications are:
– Consent of the data subject
– Necessity for the performance of a contract
– Legitimate interest of the data processor
In particular, justification by a ‘legitimate interest’ is often disputed and requires a balancing of the interests of the data processor and the fundamental rights of the data subject.
6.3. Damages
The right to compensation does not require proof of any specific damage. In addition to the basic damage amount, this can be increased due to specific damages. This can be both material and immaterial in nature:
Material damage: This could primarily be a financial loss that can be directly attributed to the incorrect entry.
Non-material damage: This includes intangible damage such as stress, stigmatisation or a reduction in living standards. The ECJ has made it clear that a mere loss of control over one’s own data is not sufficient; concrete evidence of an adverse effect must be provided.
On the other hand, the Federal Court of Justice ruled in the proceedings regarding the Facebook data leak that a loss of control over one’s own data does constitute non-material damage (judgment of 18 November 2024, ref. VI ZR 10/24).
6.4. Causality and fault
Causality
The damage must be causally attributable to the data protection violation. This means that you must prove that the registered error at SCHUFA directly led to the damage you suffered.
Culpability
The data processor (in this case SCHUFA or the transmitting contractual partner) must have behaved culpably. This could have occurred, for example, through negligence or deliberate disregard of data protection regulations.
6.5 Burden of proof
The burden of proof for the damage generally lies with the data subject. You must demonstrate that the data protection violation has caused specific damage and that there is more than just general dissatisfaction or annoyance.
6.6 Complexity and requirements for assertion
In summary, it can be said that asserting a claim for damages against SCHUFA is complex and several requirements must be met:
- Active and passive legitimation
- Proof of a violation of the GDPR
- Concrete material or immaterial damage
- Causality between the violation and the damage
- Culpable behaviour of the data processor
- Clarification of the legal basis for the data transfer
It is advisable to seek legal advice in case of uncertainty in order to effectively enforce your claims and to take all necessary steps correctly.
Interview with Dr Schulte on Stern TV about the Schufa
7. Deletion of negative SCHUFA entries – deadlines and options
7.1 Types of SCHUFA entries
The SCHUFA stores both positive and negative information about consumers.
Negative entries result from:
- Unpaid bills: Outstanding debts that have not been paid over a long period of time.
- Loan cancellation: Loans that have been cancelled by the bank due to payment arrears.
- Enforceable claims: When courts have ruled on the claim. The judicial dunning procedure is sufficient.
- Entries in the central debtor directory: Among other things, failure to provide information on assets. Also known as an ‘affidavit’ that is submitted in the context of a foreclosure.
- Large number of credit requests: A large number of credit requests seems to negatively influence the score.
The catalogue of § 31 II BDSG can be used as a guide here.
7.2. Legal deletion periods
Personal data used for the purpose of assessing creditworthiness may be stored for as long as is necessary for the purposes for which it is stored. Data from credit reference agencies is stored for the purpose of assessing the creditworthiness of the persons concerned. It must therefore be deleted at the latest when it is no longer of any reliable significance for creditworthiness. This is stated in Art. 5 Para. 1 (e) of the GDPR. At this point in time, the controller, in this case SCHUFA, is obliged to delete the data in accordance with Art. 17 (1) point a) GDPR. There is no clear legal regulation governing the storage period for data used to assess creditworthiness.
The situation is somewhat different with regard to entries that have been settled or transferred from the debt register. The deadlines vary depending on the type of entry:
Settled claims: After a claim has been settled in full, the entry usually remains for another three years. The deletion takes place exactly three years after settlement. This is based on the rules of conduct for the review and storage periods for personal data by German credit reference agencies.
Residual debt discharge after insolvency: Since April 2023, the residual debt discharge has only been stored in the SCHUFA for six months.
Other data from the debt registers: This data is stored for as long as it remains in the debt register.
7.3. Early deletion of entries
Under certain circumstances, negative entries may be deleted earlier than this. These include:
Unauthorised entries
If an entry is demonstrably incorrect or unauthorised, the consumer has the right to demand immediate deletion. Consumers should:
- Contact the creditor and provide evidence of the error.
- Inform SCHUFA of the facts of the case and request deletion.
Small claims that have been settled
Small claims up to €2,000 that have been paid in full within six weeks can be deleted early. The prerequisite is that no other negative entries exist.
Goodwill settlement
In some cases, creditors can have entries deleted on a goodwill basis, for example if:
- The claim was settled within 100 days.
- At least 18 months have passed since the settlement and there are no other negative entries.
To do this, the creditor must actively request the deletion.
7.4. Legal support
In complex cases, such as disputes about the legality of an entry, the support of a specialised lawyer can be helpful. A lawyer can:
- Enforce claims for deletion.
- Demand that creditors or SCHUFA correct the information or pay damages.
7.5 Case studies and examples
A consumer found that an erroneous entry remained in the SCHUFA database for almost two years despite a request for deletion. The court awarded the affected party damages and emphasised the importance of a quick deletion process.
8. Deletion of the Schufa entry due to a ‘special situation’ in accordance with Article 21 of the GDPR at Schufa
Article 21 of the General Data Protection Regulation (GDPR) grants every data subject the right to object to the processing of their personal data on grounds relating to their particular situation. In the context of Schufa, this means that under certain circumstances you can object to the processing of your data by Schufa.
8.1. What is a ‘particular situation’?
A ‘special situation’ is an individual life situation characterised by specific circumstances that result in the processing of your data having particular disadvantages for you. These disadvantages must be specifically explained and plausibly justified.
Examples of possible special situations:
Discrimination: If you fear that the data processing will lead to discrimination, for example when looking for a flat or a job.
Identity theft: If you have been a victim of identity theft, this may constitute a special situation.
Surveillance: If you feel that you are being excessively monitored as a result of the data processing, this may also constitute a special situation.
Religious or political beliefs: If the data processing conflicts with your deeply held beliefs, this may be considered a special situation.
Health reasons: If the processing of your health data leads to discrimination or endangers your health, this is considered a special situation.
8.2. How can I demonstrate my special situation?
Specifically and in detail: Describe the specific effects of the data processing on your life situation.
Plausible reasoning: Explain why your situation is to be regarded as special and which interests you are affected.
Supporting documents: If possible, enclose any documents that support your claims (e.g. medical certificates, police reports).
8.3 Important information
Individual assessment: Whether a situation is considered ‘special’ is assessed on a case-by-case basis.
Balancing: Schufa has to weigh your interests against its own interests.
Legal advice: If in doubt, seek advice from a lawyer.
9. Effects of deletion
The deletion of negative entries has a positive effect on:
Creditworthiness: Consumers receive better conditions for loans and contracts.
Financial flexibility: Better chances of getting a rental contract or credit cards.
Reputation: A clean SCHUFA report indicates reliability.
Conclusion: Delete negative SCHUFA entries – this is how you protect your rights and improve your financial future.
1.Assistance with SCHUFA Disputes
Learn about handling SCHUFA-related legal issues with our expert support.
2.Deleting SCHUFA Entries
Find out how to remove incorrect SCHUFA entries and restore your creditworthiness.
3.Legal Steps Against SCHUFA Errors
Explore your legal options to address inaccurate SCHUFA entries effectively.
4.Understanding Your SCHUFA Rights
Learn about your GDPR rights and how they apply to SCHUFA data management.
5.Claiming Damages for SCHUFA Mistakes
Discover how to claim compensation for wrongful SCHUFA entries.
The deletion of negative SCHUFA entries requires a sound knowledge of the legal basis and a structured approach. Consumers should regularly check their SCHUFA data and act promptly to avoid mistakes or have them corrected. In complex cases, legal support can help to restore creditworthiness and prevent financial disadvantages.
But consumers are not defenceless: they have the right to inspect, correct and delete incorrect data. With a systematic review, timely appeal and, if necessary, legal support, unjustified entries can be successfully challenged. The legal framework, in particular the General Data Protection Regulation, offers consumers strong tools to enforce their rights and protect their creditworthiness. Those who actively manage their SCHUFA data minimise risks and create the basis for a stable financial future.
• Have unauthorised SCHUFA entries deleted – your rights and options
• How the ECJ ruling helps consumers: SCHUFA scoring under fire
• Interview with Dr Schulte: SCHUFA and consumer protection
The recent ECJ ruling also strengthens the position of consumers by placing automated SCHUFA scoring under closer scrutiny. Further information on legal steps and claims for damages can be found on the website of Dr Thomas Schulte.
You can also read about how consumers can effectively enforce their rights: SCHUFA scoring and the GDPR.