Deutsche Post: Zurück an Absender, Empfänger wohlbekannt - privacy, Datenschutz

Deutsche Post: Return to sender, data well known

The mailman does more than just delivers the mail. We assume that he (or she) also does it privately. After all, a mailman knows a lot about us – where we live and maybe even the kinds of mail we get. We assume that this information is as sealed up and private as a registered letter. But that assumption is incorrect – at least in Germany.

While USA citizens are aghast with Cambridge Analytica extracting private data on millions of Facebook accounts and using this data in the past US presidential elections, now German citizens have their own shock following news that the Deutsche Post sold data on customers to political parties prior to the 2017 elections.

In Germany, Deutsche Post knows a lot of information about people. In addition to where people are living, Deutsche Post has information on household disposable income, level of education, and even knows if a person owns a car. That is a few more data categories than one would think the Post Office could get delivering Christmas cards and junk mail.

Deutsche Post sells customer data to the CDU and FDP

Deutsche Post selling this information is no secret. This institution, partially owned by the German state, had a subsidiary advertising that could let businesses “approach the right target groups thanks to micro-geographical consumer information.” It is just that in this post-Cambridge Analytica era, people are much more sensitive to their private information being sold and used in a political election. And, unlike Facebook, where there has always been an assumption that customer data would be used for selling advertising, a German institution such as Deutsche Post has at least had an image of more closely protecting the public’s secrets.

Political parties were big consumers of this data. Bild reported that the conservative Christian Democrats (CDU) and the center-right Free Democrats (FDP) purchased “more than a billion” of pieces of personal data from the Deutsche Post subsidiary. It’s believed that all German parties buy this data so they can better target where to send – and not send – their messages.

How do perpetrators get data from other people?

So far, this data appears to have been safely anonymized. Although the buyers might know how many politically oriented supporters of a German party live in a building – they don’t know precisely if you are one of those individuals. In addition, Deutsche Post data seems to have been kept secure and hasn’t been put up for resale in an online forum on the Dark Web.

But what if? There is good reason to be uneasy about the extent of private information about us that the data brokers are compiling. Data breaches do happen and the results can be devastating – especially when the leaked information is misused for creating false identities.

Over the past years, the reported news of data breaches increased. Last week another two major breaches were revealed. Under Armour’s MyFitnessPal app was hacked, leaking personal data of more than 150 million users. Hudson’s Bay Co retailer disclosed that it was the victim of a security breach that compromised data referring to more than 5 million payment cards used at Saks and Lord & Taylor stores in North America.

When it comes to a data leak, time is of the essence. It is critical to find out as soon as possible that the data has been stolen and is being misused, to reduce the damage.

This post is also available in: German

Avira, a company with over 100 million customers and more than 500 employees, is a worldwide leading supplier of self-developed security solutions for professional and private use. With more than 25 years of experience, the company is a pioneer in its field.