On Thursday it emerged that Germany's largest cashless payment network operator Easycash had harvested customer spending information without permission and divided them into different classes for use by other companies to determine their credit worthiness.
A similar practice was also apparently part of operations at Easycash competitor Telecash, daily Frankfurter Rundschau reported on Friday.
“That is clearly illegal,” data protection commissioner for the state of Schleswig-Holstein, Thilo Weichert, told the paper. “Account details and exact information about purchases are very clearly personal information that should not be used in this manner.”
North Rhine-Westphalia data protection commissioner Ulrich Lepper also criticised the practice.
“Fundamentally each person should decide for themselves who knows what about them when,” he told daily Kölner Stadt-Anzeiger, adding that customers must give permission for the use of their personal data.
Meanwhile the pro-business Free Democrats called for data protection laws to be strengthened as a result of the scandal.
“We need clear legal parameters for the use of customer data in electronic commerce,” FDP chief whip Christian Ahrend told daily Neue Osnabrücker Zeitung. “It is necessary to stop brazen data collection such as that by Easycash.”
The FDP plans to put pressure on the government to create new regulations, he told the paper.
Easycash has rejected criticism of the practice and says it was within the country's legal limits.