Deutsche Bahn has taken note of the threat of legal action by civil rights activists “with dismay”. Tech partners did not receive any “identifying” data.
Deutsche Bahn (DB) is resolutely defending itself against accusations by the data protection association Digitalcourage and by IT security researchers and lawyers of spying on customers with the DB Navigator app. The criticism of the travel information and booking application is “unfounded,” said the Berlin group. When they are used, “no customer data whatsoever is passed on to third-party providers”.
Bahn: Pseudonymised data only
According to the activists, the “DB Schnüffel-Navigator” is full of trackers and non-deselectable cookies that monitor travelers. Now they want to sue. All service providers that you work with on the app “are contractually bound, do not act in your own interest and strictly follow the instructions of DB”, the transport company opposes this. These are not third parties within the meaning of the General Data Protection Regulation (GDPR).
Deutsche Bahn emphasizes: “All technology providers listed in the DB Navigator in the ‘required’ category process data exclusively for the purpose of ensuring the diverse functions and stability of the app for more than two million customers every day.” “No identifying personal information” is involved, only pseudonymised. These even presented themselves as “anonymous data content” “isolated for the individual provider”.
Economical collection, careful handling?
None of the US partners such as Adobe, Google or Optimizely are able to “use the data elsewhere or even for their own marketing purposes,” emphasizes the DB. A cross-website or cross-app tracking of customers with the controversial cookies is not possible. The group generally attaches “great importance to the economical collection and careful handling” of customer data.
A detailed statement was made on Digitalcourage’s concerns and an interview was accepted, it is said. However, the club did not react to this. A spokeswoman emphasized: “We therefore take note of the recent high-profile activities with astonishment.” Group experts are also in close contact with the responsible data protection authorities.
Prevent unwanted tracking
The IT security researcher Mike Kuketz, who carried out an initial analysis of the Navigator app and found the trackers, was astonished “that large corporations like DB do not manage to approach the issue of data protection with the necessary seriousness”. They have the resources to do so. The reference to the definition of “third parties” in the GDPR only steers the discussion to a fact that is not at all objectionable.
The expert offers in one blog entry Tips on how the “data transmission behavior” can be influenced, at least by Android apps, and how unwanted tracking can be prevented. He also pointed to one Analysis of “Stiftung Warentest”, according to which the Bahn app is “not so precise” with data protection. Transfers of personal information that take place via this are to be classified as “critical”.
