At a recent conference on the EU’s data protection reform proposals in Berlin, Cornelia Rogall-Grothe, state secretary at the German Ministry of Interior, expressed doubts regarding some fundamental principles of the draft regulation which made it clear that the European Commission’s proposal has a long way to go before a final version may be adopted.
It is not news that the German government disapproves of the draft regulation’s approach to also regulate data protection for the public sector, i.e. the state. Ms. Rogall-Grothe emphasised that German data protection provisions for the public sector were very elaborated, both by statutory law and judgements of theFederal Constitutional Court. Thus, it would not be necessary to regulate the organisation of public registries or the handling of social security data by a harmonised European law.
In addition, the state secretary sees an inherent danger that efforts to enforce data protection rules for the private sector were exceeding the necessary level. In this regard, the current reshaping of data protection rules on the European level would provide a unique possibility for change. Accordingly, she laid out that the German government supported the idea to introduce a legal regime which provides for a general permission to collect and use personal data unless a legal provision prohibited such use.
The conference’s second keynote speaker, Jan Philipp Albrecht, member of the European Parliament and member of the Committee on Civil Liberties, Justice and Home Affairs, expressed his surprise about this proposal as the idea that the collection and use of personal data must be prohibited unless explicitly allowed has been the basic principles of the German data protection law for over 30 years and also inspired the Commission’s draft regulation (see Article 6). Contrary to Ms. Rogall-Grothe, he regarded the Commission’s draft proposal as a useful base, although he indicated that several amendments and clarifications were necessary. He explicitly criticised the position of the European Commission as too strong, because it authorised the Commission to further develop several undefined terms and processes.
Ms. Rogall-Grothe announced that German Federal Government was currently planning a European conference on data protection in October. At this conference, the government intended to particularly discuss 3 topics: (a) less data protection provisions for individuals and small businesses, (b) a flexible data protection regulation which depends on the particular risk involved for the individuals’ private spheres, and (c) self regulation options for businesses.
As these topics are rather big issues, there is increasing indication that the legislative process for the draft regulation will not be short and easy.