In a troubling trend, Schleswig-Holstein has reported a significant rise in data breaches and privacy complaints, reflecting growing concerns about cybersecurity and digital privacy. On April 9, 2025, Marit Hansen, the State Data Protection Commissioner, revealed that in 2024, a staggering 602 incidents were reported to the Unabhängigen Landeszentrum für Datenschutz Schleswig-Holstein (ULD), marking a notable increase from 527 in 2023 and 498 in 2022.
"Recently, we’ve seen more than 50 reports per month," Hansen stated during a press conference in Kiel. This alarming uptick highlights the vulnerabilities faced by both businesses and individuals in an increasingly digital world.
Among the most concerning incidents were phishing attacks that exploited email systems by using fraudulent invoice templates. Customers expecting legitimate invoices were misled into transferring funds to fake accounts. "Some customers noticed the discrepancies and inquired, only to receive confirmation from the attackers, who had also hacked the communication channels," Hansen explained.
However, the breaches were not limited to sophisticated scams. The ULD noted that smaller incidents, such as misdirected emails, also had significant consequences. In one case, a doctor accidentally lost patient documents while moving them between buildings, prompting the implementation of new regulations regarding the transport of sensitive information.
Another case involved an employee who misused contact information from a clinic's emergency folder for her side business, resulting in her immediate dismissal. These incidents underscore the importance of stringent data protection measures within organizations.
In addition to corporate breaches, private individuals lodged 1,628 written complaints with the ULD, a 20 percent increase from the previous year. Many of these complaints revolved around video surveillance, with 352 specific grievances recorded in 2024. This figure is nearly double the complaints from previous years, which numbered 256 in 2023 and 191 in 2022.
"Every fifth complaint pertains to video surveillance," Hansen noted, emphasizing that many complaints stemmed from neighborhood disputes. In one notable incident, a mobile home site streamed live images online, revealing excessive details about the campers, raising serious privacy concerns.
Hansen also addressed issues related to consent in data sharing, particularly in banking practices. In one case, individuals were presented with pre-checked boxes for sharing their data with service providers when signing new Girokonto papers. "This was deemed unacceptable as it was misleadingly labeled as 'voluntary,'" she stated.
Moreover, a debt collection agency mistakenly contacted the wrong debtor and initiated foreclosure proceedings, further illustrating the potential for serious errors in data handling.
As digital services become increasingly prevalent, many individuals have expressed frustration over the pressure to disclose sensitive information online. Hansen highlighted concerns about the future of public services, stating, "We worry that access to services will increasingly depend on having a smartphone and being willing to install new apps, which can exclude those who are not tech-savvy or lack access to technology."
Additionally, the rise of artificial intelligence has brought about new challenges. Hansen noted instances where individuals discovered false information about themselves online, including wrongful accusations of criminal activity. "AI sometimes gets confused and erroneously links the author of an article about a crime directly to the crime itself," she explained. This misrepresentation can have serious implications for individuals' reputations.
Hansen further criticized the claim that sensitive data used to train AI systems is anonymized, asserting that these data points can often be traced back to individuals, albeit in misleading combinations. "More digitization also means more attacks on IT systems," she warned, highlighting the need for robust cybersecurity measures.
The increase in privacy complaints extends to the realm of information freedom, with a noticeable rise in requests that were either delayed or denied without clear justification. Over the past year, Hansen reported issuing four formal complaints regarding these issues, reflecting a growing frustration with transparency in data access.
As digital landscapes evolve, the challenges of maintaining privacy and security grow ever more complex. The ULD's findings serve as a stark reminder of the ongoing battle against data breaches and the critical need for individuals and organizations alike to prioritize data protection.
In conclusion, as Schleswig-Holstein grapples with these pressing issues, the call for enhanced data governance and public awareness becomes increasingly urgent. With the digital world expanding rapidly, it is essential for both individuals and organizations to remain vigilant in protecting sensitive information and ensuring compliance with data protection regulations.
