Privacy-problematic suggestion feature for e-mail input (GDPR violation)

Christian H. shared this question 53 days ago
Answered

Dear Sir or Madam,

While using your application, I noticed a serious data protection problem that urgently needs clarification.

In the menu "Start → Freigeben → Freigeben" (Home → Share → Share; specifically in the input field "E-Mail oder Personen" / "E-mail or people"), suggestions for e-mail addresses are displayed automatically after entering just a few letters. These are not my own contacts or locally stored address data, but evidently real e-mail addresses of third parties.

The suggestions include, among others:
– business e-mail addresses (e.g. employees of banks such as Julius Baer Group),
– private e-mail addresses,
– and addresses from various organizations (e.g. Free Speech Union).

Entering just one or two letters is enough to be offered a large number of apparently real people together with their e-mail addresses (see screen video attached).

I consider this behavior highly problematic and very likely not GDPR-compliant. In particular, the following questions arise:

  • On what legal basis is this personal data processed and displayed?
  • Where does this data come from (source of the address database)?
  • Was consent obtained from the persons concerned?
  • Why is this data disclosed to third parties (here: me as a user) without any discernible restriction?
  • What technical and organizational measures prevent misuse (e.g. systematic harvesting of e-mail addresses)?

The function as currently implemented effectively acts like an open address directory without access restriction, which in my view constitutes a serious violation of fundamental GDPR principles (in particular data minimization, purpose limitation and confidentiality).

I therefore ask you for a prompt and binding statement on how this behavior is justified under data protection law, as well as information on what measures will be taken in the short term to remedy a possible violation.

Should it turn out that personal data is indeed being disclosed unlawfully, I reserve the right to forward the matter to the competent data protection supervisory authority.

Kind regards
Christian Hostettler
Zürich

Best Answer

Hi Christian and to all who have commented -

Thank you for bringing these concerns to our attention. We investigated the issue, identified the root cause, and implemented a hotfix to address it. The fix is scheduled to be deployed later this week.

Background:

The search field within the sharing dialog is designed to help users quickly find and share with colleagues who belong to the same customer tenant or licensing group, similar to the suggested contacts experience in applications such as Microsoft Teams. Search suggestions are limited to a maximum of 25 results and are only displayed temporarily while the sharing dialog is actively in use.

For most MindManager customers, this worked as intended. However, in certain reseller or stock-license scenarios, the current licensing structure may cause the suggestions list to include email addresses associated with the reseller organization through which the licenses were purchased. The fix being deployed this week addresses this issue.

Best regards,

-Marian
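The scoping failure Marian's answer describes, modelled as an added example (this is not MindManager's or Corel's code; the User fields, the license_group attribute, the MIN_PREFIX rule and every directory entry are constructed assumptions). It contrasts a lookup scoped on the licensing pool, which in a reseller scenario spans several unrelated customers, with one scoped on the requester's own tenant, and includes the prefix-walk harvest the original post worries about so the leak can be measured rather than eyeballed:

```python
# Added example, not MindManager's or Corel's code: a small model of a
# share-dialog suggestion lookup that shows why scoping on the *licensing
# group* can expose a reseller's and other customers' addresses, while
# scoping on the requester's own *tenant* does not. The User fields,
# MIN_PREFIX and all directory entries are constructed assumptions.
from dataclasses import dataclass
from string import ascii_lowercase

MAX_SUGGESTIONS = 25  # cap quoted in the vendor's answer
MIN_PREFIX = 2        # assumed: refuse to suggest on a single character


@dataclass(frozen=True)
class User:
    email: str
    tenant_id: str       # the customer organisation the account belongs to
    license_group: str   # assumed: the pool the seat was licensed from


# Constructed directory. customer-a and customer-b are unrelated companies
# that both bought seats through reseller-x, so they share a license_group.
DIRECTORY = [
    User("alice@customer-a.example", "tenant-a", "reseller-x"),
    User("bob@customer-a.example", "tenant-a", "reseller-x"),
    User("carol@customer-b.example", "tenant-b", "reseller-x"),
    User("sales@reseller-x.example", "reseller-x", "reseller-x"),
    User("dave@customer-c.example", "tenant-c", "direct"),
]


def _matches(user: User, prefix: str) -> bool:
    return user.email.lower().startswith(prefix.lower())


def suggest_by_license_group(requester: User, prefix: str,
                             directory=DIRECTORY) -> list[str]:
    """Leaky variant: everyone sharing the requester's licensing pool is a
    candidate, which in a reseller scenario spans several customers."""
    hits = [u.email for u in directory
            if u.license_group == requester.license_group
            and u.email != requester.email
            and _matches(u, prefix)]
    return sorted(hits)[:MAX_SUGGESTIONS]


def suggest_by_tenant(requester: User, prefix: str,
                      directory=DIRECTORY) -> list[str]:
    """Hardened variant: scope strictly to the requester's own tenant,
    require a minimum prefix length, and keep the result cap."""
    if len(prefix) < MIN_PREFIX:
        return []
    hits = [u.email for u in directory
            if u.tenant_id == requester.tenant_id
            and u.email != requester.email
            and _matches(u, prefix)]
    return sorted(hits)[:MAX_SUGGESTIONS]


def harvest(requester: User, suggest, max_len: int = 2) -> set[str]:
    """Simulate the abuse the original post worries about: walk every
    prefix of length 1..max_len and collect everything the dialog reveals."""
    seen: set[str] = set()
    prefixes = [""]
    for _ in range(max_len):
        prefixes = [p + c for p in prefixes for c in ascii_lowercase]
        for p in prefixes:
            seen.update(suggest(requester, p))
    return seen


def leaked_outside_tenant(requester: User, suggest,
                          directory=DIRECTORY) -> set[str]:
    """Addresses a harvester obtains that belong to other tenants: the set
    a privacy review of the suggestion feature should expect to be empty."""
    own = {u.email for u in directory if u.tenant_id == requester.tenant_id}
    return harvest(requester, suggest) - own


if __name__ == "__main__":
    alice = DIRECTORY[0]
    print("license-group scoping leaks:",
          sorted(leaked_outside_tenant(alice, suggest_by_license_group)))
    print("tenant scoping leaks:",
          sorted(leaked_outside_tenant(alice, suggest_by_tenant)))
```

The point of `harvest` is that a per-query cap such as 25 results bounds what one keystroke reveals but not what a scripted prefix walk collects; the property worth asserting in a test is that `leaked_outside_tenant` is empty for every requester, independent of the cap.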

Replies (5)


This looks a lot like a SCAM.

I did NOT OPEN the attached file.

If it is real, he would have contacted the MindManager organisation and not this public community.


It looks real to me. I have seen similar issues in the past.


The fact that another user has independently confirmed the issue should make it clear that this is not a scam, but a reproducible behavior affecting multiple users.

Dismissing such a report as a “SCAM” without verification is problematic in itself — especially when the issue concerns the unsolicited exposure of potentially personal email addresses to unrelated third parties.

And even if one were to suspect abuse potential, that would not reduce the seriousness of the report. On the contrary: it would underline how sensitive and potentially exploitable such a functionality actually is.

The purpose of my post is precisely to clarify whether this behavior is legitimate, technically intended, and compliant with data protection regulations such as the GDPR.


Well...

I stated it LOOKS LIKE SCAM. That covers my response to your 2nd line above.

And if this is important to you, I suggested going to the MindManager developers and support.

Please, in future, don't lecture someone that you don't know.



Mr. V.,

thank you for clarifying your wording. Still, dismissing a reproducible privacy concern before any technical verification risks discouraging exactly the kind of responsible reporting that communities usually benefit from.

Another user has independently confirmed the behavior, which moves the discussion back to the actual technical and legal question.

Best regards


Unfortunately, it's true. I always thought the problem lay with me.


MindManager support at Corel advises that this report has been acknowledged and is currently under review by the MindManager team. Further updates will be shared once more information is available.



Hi Everyone,

The fix has been deployed.

Best regards,

-Marian
