All posts by Christina Motejl

At a recent conference on the EU's data protection reform proposals in Berlin, Cornelia Rogall-Grothe, state secretary at the German Ministry of Interior, expressed doubts regarding some fundamental principles of the draft regulation which made it clear that the European Commission's proposal has a long way to go before a final version may be adopted. It is not news that the German government disapproves of the draft regulation's approach to also regulate data protection for the public sector, i.e. the state. Ms. Rogall-Grothe emphasised that German data protection provisions for the public sector were very elaborated, both by statutory law and judgements of theFederal Constitutional Court. Thus, it would not be necessary to regulate the organisation of public registries or the handling of social security data by a harmonised European law. In addition, the state secretary sees an inherent danger that efforts to enforce data protection rules for the private sector were … Continue Reading ››
In a decision as of 6 March 2012 that covers aspects of consumer rights related to data protection, the Berlin regional court ruled that several clauses of Facebook Ireland Ltd.'s terms and conditions violate German consumer laws and are therefore void (LG Berlin, Judgement of 6 March 2012, 16 O 551/109). Facebook Ireland Ltd. is the contract partner of all Facebook users that are not residents of the USA or Canada. Firstly, the court said that the users' consent in Facebook's terms and conditions regarding the use of their personal data for advertising purposes is void. The reason for this assessment is not known yet - however, in a case against Google, the regional court of Hamburg had decided in 2009 that a consent provided in terms and conditions to a certain use of personal data unreasonably disadvantages a consumer if they are not specifically informed about the intended use of … Continue Reading ››
The draft data protection regulation of the European Commission that had leaked in early December has been widely criticised by the German Minister of the Interior and aFederal Constitutional Court judge. The points of concern were not the new and mainly stricter rules of the draft regulation, but that the European Commission chose a regulation instead of a directive. First, Johannes Masing, one of the sixteen judges of theFederal Constitutional CourtinKarlsruhe, unmistakably warned about the new regulation in a newspaper article last Monday titled "Goodbye to fundamental rights". Mr. Masing said that as a regulation was in fact a directly applicable law in every member state, national rights would be pushed aside. This would also be the case with regard to the fundamental rights of the Grundgesetz, the German constitution. In Germany, data protection laws do not originate from the European Directive 95/46/EC or a simple law, but were "invented" … Continue Reading ››
After a first read through of the leaked Commission proposal for a new data protection regulation (Draft Regulation) that was published by statewatch.org (it is not meant to be officially published until the end of January), I remembered a speech by Viviane Reding's Chief of Cabinet who said that the Commissioner for Justice was very impressed by German data protection rules. This might help in explaining several provisions of the Draft Regulation. Take for example the rules on data processing. After some scandals on data leakages at data processors,Germanytightened the requirements for the contract on data processing to cover several specific details of data security. Article 27 of the  Draft Regulation takes up this idea and requires controller and processor to stipulate several rules and precautionary measures in their agreement, as that the controller may only act on instructions from the controller and that its staff must have committed themselves to … Continue Reading ››
Datonomy attended the event "Datendialog" hosted by Google in Berlin on 24 November, where many interesting speakers discussed the current situation and future of privacy, but also openness. Blogger and Science Fiction author Cory Doctorow described the current situation of many free internet offers as "privacy bargain", in which users traded their personal data for services. The deal, however, would be one-sided and never negotiated. Therefore, Doctorow called for technical measures that would prevent companies from tracking users with cookies and compared the situation to pop up windows, the widespread use of which decreased after Mozilla, as first browser, started offering a tool to block these windows. In his words, cookie managers could be the new pop up blocker. Federal data protection commissioner Peter Schaar said that German data protection law needed to be amended especially with regard to the question of applicable law. If companies systematically offered services in Europeand collected … Continue Reading ››
Facebook encounters more and more problems with Germany's Data Protection Commissioners. Only last month, the Data Protection Commissioner of Schleswig Holstein, Thilo Weichert, announced proceedings against public authorities and companies in Schleswig Holstein that use Facebook’s Like-Button on their websites (see Datonomy post of 6th October). Mr. Weichert criticised that the Like-Button enabled Facebook to track users even if they had not clicked the button. Now, Johannes Caspar, Hamburg's Commissioner for Data Protection and Freedom of Information (HmbBfDI) has conducted an investigation into Facebook's use of cookies, which enable Facebook to recognise its users even if they are not logged in or if they visit a third party website that uses an embedded Like-Button. According to Caspar, Facebook had reasoned that it uses cookies mainly for security reasons, such as youth or password protection. However, the Commissioner claims that this was essentially not true as most functions were optional and only … Continue Reading ››
The independent Data Protection Commissioner of Schleswig Holstein, Thilo Weichert, has initiated proceedings against public authorities and companies in Schleswig Holstein who use Facebook's Like-Button on their websites or who operate a Facebook fanpage. The main point of criticism regarding the Facebook Like-Button is that it is directly loaded from the Facebook site, which enables Facebook to track the internet user by their IP address or a previously set cookie, even if they have not clicked the button. As regards the Facebook fanpage, the data protection authority says it violates data protection laws (in particular, sec. 15 of the German Telemedia Act) as Facebook collects user data to generate web statistics without enabling the user to object to this procedure. Therefore, it would generally not be possible to use a Facebook fan page in a privacy compliant way. By using the Like-Button or creating a fanpage on Facebook, the website or … Continue Reading ››