The topic Copying ID cards Data protection is of great importance in Germany. Until 2010, the copying of ID cards was prohibited by law. With the amendment to the ID card law, holders were allowed to make copies themselves. However, passing them on to third parties remains problematic.
The introduction of the GDPR brought stricter rules for the handling of personal data. The Identity protection and the preservation of the Privacy are in the foreground. Copies of ID cards are only permitted under certain conditions and with the express consent of the holder.
Despite the relaxation, copying ID cards remains a data protection concern in many cases. Companies must carefully check whether they actually need a copy or whether less sensitive data is sufficient. The principle of data minimization plays a central role here.
Important findings
- Copying ID cards was prohibited until 2010
- GDPR brought stricter rules for data storage
- Copies of ID cards only permitted with the holder's consent
- Data minimization is an important principle
- Many industries have special regulations
- Identity protection and Privacy have high priority
The legal basis: German ID Card Act and GDPR
The German ID Card Act and the General Data Protection Regulation (GDPR) form the legal basis for the handling of personal data in Germany. These laws regulate how companies and authorities are allowed to handle copies of ID cards and what rights citizens have when their data is processed.
Changes to the Identity Card Act since 2010
Since 2010, the German ID Card Act (PersAuswG) has allowed ID card copies to be made, but only with the holder's consent. This strengthens control over one's own digital identity. Important to know: Serial numbers may not be used automatically to retrieve personal data.
Effects of the GDPR on the handling of copies of ID cards
The GDPR has further tightened data protection. It requires that the processing of personal data is appropriate and limited to what is necessary. For companies, this means
- Copies of ID cards must be clearly recognizable as such
- Passing on to third parties is only permitted by the card holder
- Data must be deleted after a certain period of time
Despite these regulations, there are exceptions, for example in the financial sector or with telecommunications providers. Here, copies of ID cards may be created and stored for longer under certain conditions. The Data security is always at the forefront in order to protect citizens' personal data.
Copying ID cards Data protection: principles and challenges
The copying of ID cards presents companies with data protection challenges. The principle of data minimization requires that only necessary information is stored. This serves to protect against Identity theft and creates trust with customers.
Since 2017, ID cards may only be copied with the holder's consent. This regulation applies equally to photocopying, photographing and scanning. Companies must check whether a copy is really necessary or whether individual data is sufficient.
ID card holders have the right to black out data that is not required. Access and document numbers are particularly sensitive. These measures increase the Counterfeit protection and reduce the digital footprint.
"The protection of personal data is crucial for trust between companies and customers."
Exceptions apply to certain sectors:
- Banks and financial service providers may copy ID cards in accordance with the Money Laundering Act
- Telecommunications providers when concluding contracts
- Providers of certificates in accordance with the Signature Ordinance
Despite these exceptions, data protection remains a key challenge. Companies must carefully consider what data they actually need and how they can best protect it.
When is the copying of ID cards permitted?
Since July 2017, the ID Card Act has allowed ID cards to be copied under certain conditions. This change was made because the previous regulation proved to be impractical. The Identity protection remains an important topic.
Exceptions for certain industries and situations
In some sectors, copying ID cards is not only permitted, but even mandatory. Financial service providers must identify individuals in accordance with the Money Laundering Act. Telecommunications providers are allowed to copy ID cards, but are obliged to destroy the copies after the contract has been concluded.
The role of the consent of the ID card holder
The collection or processing of personal data from the ID card is only permitted with the consent of the ID card holder. This also applies to the creation of copies. A copy of an ID card may be passed on within an organization, but not to third parties.
| Industry | Permission to copy | Special requirements |
|---|---|---|
| Financial service provider | Yes | Money Laundering Act |
| Telecommunications | Yes | Destruction after conclusion of contract |
| Hotel industry | No | Documentation of guest data only |
To ensure data protection, companies should only make copies of ID cards that are absolutely necessary and black out irrelevant information. This serves to protect against Identity theft and complies with the principle of data minimization in accordance with the GDPR.
Data protection concerns with copies of ID cards
The practice of copying ID cards raises considerable data protection concerns. Many companies routinely request copies of ID cards without questioning their necessity or legality. This leads to numerous complaints to data protection authorities.
According to the amended ID Card Act, ID cards may not be copied without the holder's consent. Even with consent, the principle of data minimization applies. Complete copies often contain more data than is necessary for identification, which makes the Privacy of citizens is at risk.
A ruling by the Hanover Administrative Court confirmed the ban on scanning and storing ID cards. The Federal Ministry of the Interior also emphasizes the inadmissibility of reproducing ID documents.
A visual check of the ID card is often sufficient to verify identity without making a copy.
Companies should rethink their practices and only collect the personal data that is really necessary. The Data security and the protection of privacy must have top priority.
| Aspect | Legal assessment |
|---|---|
| Copying without consent | Inadmissible according to § 20 para. 2 PAuswG |
| Copying with consent | Observe the principle of data minimization |
| Complete copy | Usually not necessary and questionable in terms of data protection law |
| Visual inspection | Often sufficient for identity verification |
Principle of data minimization: What data is really necessary?
The principle of data minimization is a central aspect of handling personal information. It requires that only data that is absolutely necessary for the respective purpose is collected and stored. This applies in particular to ID card data, which often contains more information than necessary.
Relevant data for various business purposes
For most business applications, the name, address and expiry date of the ID card are sufficient. As a rule, the ID number should not be recorded. When renting out residential property, for example, landlords are not allowed to make copies, but only a note about the identity check.
Techniques for minimizing the stored data
There are various methods to reduce the amount of data. Redaction of unnecessary data is a common practice. It is equally important to delete the data immediately after the purpose has been fulfilled. Telecommunications providers are required by law to destroy copies of ID cards after the contract has been concluded.
| Industry | Required data | Storage period |
|---|---|---|
| Financial service provider | Name, address, date of birth, ID number | 5-10 years |
| Telecommunications | Name, address | Until end of contract |
| Letting | Name, address | Note only, no copy |
The Counterfeit protection plays an important role in digital identity. New electronic ID cards enable secure verification without unnecessary data storage. Companies should always check whether a note "ID card has been presented" is sufficient instead of making a complete copy.
Redaction of identity card data: Rights and options
The redaction of ID card data is an important instrument for protecting identity and privacy. Since 2017, the ID Card Act has allowed ID cards to be copied under certain conditions. Nevertheless, citizens have the right to black out unnecessary data.
Particularly sensitive information such as access numbers should be made unrecognizable. This protects against data misuse and unauthorized access. Companies must inform customers of their right to redaction.
The Data security is in the foreground. A table shows which data can often be redacted:
| ID card data | Blackening recommended |
|---|---|
| Access number | Yes |
| Serial number | Yes |
| Place of birth | Mostly yes |
| Name | No |
| Date of birth | Depending on the situation |
It is important to note that some industries, such as financial service providers, are not allowed to redact certain data due to legal requirements. In these cases, data security must be ensured by other measures.
Special regulations for financial service providers and telecommunications providers
Financial service providers and telecommunications providers are subject to strict regulations when handling ID cards. These regulations serve to Counterfeit protection and the protection of digital identity.
Requirements of the Money Laundering Act
According to the Money Laundering Act (GwG), financial service providers must identify their customers. They store the name, address, date of birth, ID number and issuing authority. Copies of ID cards must be kept for five years and then deleted.
| Data to be retained | Storage period |
|---|---|
| Name, address, date of birth | 5 years |
| ID card number, issuing authority | 5 years |
| Copy of identity card | 5 years, then deletion |
Obligations under the Telecommunications Act
Telecommunications providers may request photo identification when concluding a contract. They use the data to fulfill the contract. The copies must be destroyed after the contract is concluded. This strengthens the digital identity of the customers.
Both sectors must comply with the GDPR. They inform customers about the purpose and duration of data storage. The forgery protection of ID cards plays an important role in identity verification.
ID card copies in everyday life: hotel industry, rental and retail trade
In everyday life, the question often arises as to the correct handling of ID cards. Identity protection plays a central role here. In the hotel industry, registration forms are mandatory, but copies of ID cards are not. Landlords are allowed to check ID cards, but not to copy them. These rules serve to protect personal data.
Strict regulations apply to copying ID cards in the retail sector. Data protection is the top priority here. Only data necessary for the contractual relationship may be noted. Only identity and age checks are permitted for age verification in youth protection. It is not permitted to leave the ID card as a deposit.
Since 2017, over 300 Europcar branches in Germany have been using the Genuine-ID EASYCHECK system. It enables ID documents to be checked quickly and securely. This electronic method protects against theft and detects possible document misuse. This ensures identity protection in the rental business without having to copy ID cards.
English 
Deutsch 
Español 
Français 
Polski 
English
Deutsch 
Deutsch 
English 
Español 
Français 
Polski 
Deutsch 
Deutsch 
English 
Español 
Français 
Polski