Benjamin Admin
407a9503e4
Build + Deploy / build-admin-compliance (push) Successful in 2m27s
Build + Deploy / build-backend-compliance (push) Successful in 3m40s
Build + Deploy / build-ai-sdk (push) Successful in 1m0s
Build + Deploy / build-developer-portal (push) Successful in 1m16s
Build + Deploy / build-tts (push) Successful in 1m54s
Build + Deploy / build-document-crawler (push) Successful in 1m2s
Build + Deploy / build-dsms-gateway (push) Successful in 31s
Build + Deploy / build-dsms-node (push) Successful in 20s
CI / branch-name (push) Has been skipped
CI / guardrail-integrity (push) Has been skipped
CI / loc-budget (push) Failing after 17s
CI / secret-scan (push) Has been skipped
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / nodejs-build (push) Successful in 2m44s
CI / dep-audit (push) Has been skipped
CI / sbom-scan (push) Has been skipped
CI / test-go (push) Successful in 49s
CI / test-python-backend (push) Successful in 36s
CI / test-python-document-crawler (push) Successful in 25s
CI / test-python-dsms-gateway (push) Successful in 21s
CI / validate-canonical-controls (push) Successful in 14s
Build + Deploy / trigger-orca (push) Successful in 3m23s
- Remove generic B2G keywords (behörde, amt, öffentlich) that match in every DSI due to "Aufsichtsbehörde", "Amtsgericht", "veröffentlichen" - Remove "server" from it_services (too generic, appears in every DSI) - Add consulting, manufacturing, media industries - Add B2B fallback for GmbH/AG without B2C signals - Add 10 ground truth files for unified compliance check Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
3.9 KiB
3.9 KiB
Ground Truth: BMW
URL: https://www.bmw.de Typ: Konzern / B2C Automobil Datum: 2026-05-12 Batch-Test: 8/9 L1, 10/21 L2 (Mangelhaft, 48%)
Business Profile (erwartet)
| Feld | Erwarteter Wert |
|---|---|
| business_type | b2c |
| industry | automotive |
| has_online_shop | true (Konfigurator, Zubehoer) |
| has_editorial_content | true (Magazine, Blog) |
| is_regulated_profession | false |
| needs_odr | true (B2C Online-Angebote) |
Dokumente
| Dokumenttyp | Vorhanden | URL |
|---|---|---|
| DSI | Ja | https://www.bmw.de/de/footer/metanavigation/datenschutz.html |
| Impressum | Ja | https://www.bmw.de/de/footer/metanavigation/impressum.html |
| Cookie-Richtlinie | Ja (separate Seite) | https://www.bmw.de/de/footer/metanavigation/cookie-policy.html |
| AGB | Ja | TODO: URL verifizieren |
| Widerruf | Ggf. in AGB | — |
| Social Media DSE | Nein | — |
| Nutzungsbedingungen | Ja | TODO: URL verifizieren |
| DSB-Kontakt | In DSI | — |
Erwartete Ergebnisse: DSI (Art. 13 DSGVO)
L1 Checks (8/9)
| Check | Erwartet | Begruendung |
|---|---|---|
| Verantwortlicher | PASS | BMW AG, Muenchen |
| DSB | PASS | DSB erwaehnt |
| Zwecke | PASS | Ausfuehrlich |
| Rechtsgrundlage | PASS | Art. 6 Referenzen |
| Empfaenger | PASS | Kategorien aufgezaehlt |
| Drittlandtransfer | PASS | USA-Transfer erwaehnt |
| Speicherdauer | PASS | Zeitangaben vorhanden |
| Betroffenenrechte | FAIL | Rechte ohne Art.-Referenzen |
| Beschwerderecht | FAIL | Art. 77 nicht explizit erwaehnt |
L2 Checks (10/21 — verifizierte True Positives)
| Check | Erwartet | TP/FP |
|---|---|---|
| Anschrift | PASS | — |
| FAIL | TP — Keine direkte E-Mail-Adresse fuer DSB angegeben | |
| Telefon | PASS | — |
| DSB Kontakt | PASS | — |
| Art. 6(1)(a) | PASS | — |
| Art. 6(1)(b) | PASS | — |
| Art. 6(1)(f) | PASS | — |
| Interessenabwaegung | FAIL | TP — Keine dokumentierte Abwaegung |
| Transfermechanismus | FAIL | TP — Kein SCC/DPF benannt |
| Art. 15-18,20,21 | FAIL | TP — Rechte ohne Artikel-Referenzen aufgezaehlt |
| Art. 22 Profiling | FAIL | TP — Kein Profiling-Hinweis trotz Konfigurator/Personalisierung |
| Aufsichtsbehoerde | FAIL | TP — Keine konkrete Behoerde benannt |
| Loeschkonzept | FAIL | TP — Kein Loeschkonzept referenziert |
Verifiziert: BMW hat tatsaechlich eine lueckenhafte DSI. Die Findings sind True Positives.
Erwartete Ergebnisse: Impressum
| Check | Erwartet | Begruendung |
|---|---|---|
| Firmenname | PASS | BMW AG |
| Anschrift | PASS | Petuelring 130, 80809 Muenchen |
| Vertretung | PASS | Vorstand benannt |
| Registergericht | PASS | AG Muenchen, HRB 42243 |
| USt-IdNr | PASS | DE 129 273 987 |
| V.i.S.d.P. | PASS | Hat redaktionelle Inhalte |
| Streitbeilegung | AKTIV | B2C mit Online-Angebot → ODR relevant |
Erwartete Ergebnisse: Cookie-Richtlinie
| Check | Erwartet |
|---|---|
| Cookie-Arten | PASS (Essential, Analytics, Marketing) |
| Cookie-Zwecke | PASS |
| Speicherdauern | TODO: verifizieren |
| Drittanbieter | PASS (Google, Meta etc.) |
| Rechtsgrundlage | TODO: §25 TDDDG? |
| Consent-Tool | PASS (OneTrust o.ae.) |
Banner-Check
| Feld | Erwartet |
|---|---|
| banner_detected | true |
| provider | OneTrust oder aehnlich |
| violations | Mehrere (grosser Konzern mit viel Tracking) |
Cross-Check Banner vs Cookie
| Finding | Erwartet |
|---|---|
| Dienste fehlen in Cookie-RL | Moeglich (viele Third-Party-Tracker) |
| Tracking vor Consent | Moeglich (Pre-Consent Analytics) |
Kontext-Filter
| Check | Filter | Begruendung |
|---|---|---|
| ODR | AKTIV | B2C mit Online-Angebot |
| Widerruf | AKTIV | B2C |
| Berufsrecht | SKIP | Kein regulierter Beruf |
| V.i.S.d.P. | AKTIV | Hat Magazine/Blog |