News Archives

Monday, November 28, 2016

German Government Not on Same Page as DPAs

Germany has traditionally been viewed as the European country with the most rigorous data protection laws and culture.  However, privacy developments during November were of a decidedly mixed character.  On the one hand, the data protection authorities in ten German states initiated a coordinated mass audit of 500 randomly-selected companies, focusing upon their data transfer policies and practices.  Companies still relying upon Safe Harbor as a basis for data transfers to the U.S. would likely see enforcement actions brought against them.  Enforcement actions by individual DPAs also continued, for example the fining of an unnamed company by the Bavarian DPA for appointing a data protection officer who continued in his role as IT manager.

On the other hand, the German interior ministry released the draft of a bill that would prevent DPAs from investigating breaches of medical and legal records and also allow businesses to withhold notice about personal data they collected if such notice “would seriously jeopardize the business purposes of a company.”  Theo Weichert, the out-spoken former DPA for Schleswig-Holstein, called the provisions a “disaster” that would represent a “massive” erosion of privacy in Germany, while the federal DPA, Andrea Vosshoff, said they would make DPA control “in many sensitive areas, for instance health insurance companies, job centers, or other social service operators, almost impossible, and is not acceptable." Other criticisms of the draft bill were prominent in an analysis published by federal and state DPAs on November 11.  Finally, in a sign of what appears to be a growing cultural bifurcation, Chancellor Angela Merkel called upon EU member states to take “a pragmatic approach” to the application of data protection laws, balancing the need to prevent the mis-use of personal data with the need to enable the development of big data projects.

No comments:

Post a Comment