Federal Data Protection Commissioner Ulrich Kelber argues that the European economy finally sees privacy as an opportunity. "Trust is at least as exciting a currency as data," said the head of the agency at the 43rd Data Protection Conference (DAFTA) of the German Society for Data Protection and Data Security (GDD) in Cologne.
State as a model
In his speech, Kelber was disappointed that many companies described privacy as a prime obstacle to innovation. This is a strength of the European model. Anyway, it would be futile to emulate the US or Chinese economy on their respective path of voluminous data processing and then expect a leading position. "Data protection is economic policy on the consumer side," emphasized Kelber. Only if one creates trust in the data processing, the digitization can really succeed. For example, the first US companies have already recognized credible data protection as a sales argument.
Here the state has a pioneering role to play. Kelber gave the slogan "Privacy is Something for Health" of the Federal Minister of Health Jens Spahn a clear rejection. It makes sense to use health data to improve health. But this must be thoughtful. Businesses and politicians who want to work with health data would need to think early on how to reconcile their ideas with the fundamental rights of patients. "They should seek the dialogue early and not try to break that over the knee," advised Kelber.
AI with guarantee of fundamental rights
With the use of artificial intelligence, data protection faces new challenges. Thus, it must be ensured that the results of an AI process are still explainable and transparent – otherwise individuals could no longer exercise the individual fundamental rights, which are guaranteed, inter alia, in the Charter of Fundamental Rights of the European Union.
This request was backed by Thomas von Danwitz, Judge of the European Court of Justice. Sooner or later, a case will be brought to court where a citizen is discriminated against by an AI system or has his rights violated. If the operators could not explain to the judges, in the case in point, how concrete an automated measure was, their chances in such a procedure are poor.
Tangible judgments, no esoteric privacy
"It's not about maximizing more or less esoteric privacy," stressed Danwitz. The legislature has prescribed a high level of individual protection, to which the judges of the European Court of Justice would have to comply. But not every detail would have to be regulated by the legislator. "A good law does not arise with the announcement in the bill, but only with several years of legal application." The judges would have to decide specific legal issues and thus create a coherent and secure legal framework. It would be unfortunate if certain questions only landed on the tables of the ECJ after decades. Such as the question of the consent of the data processing, which was treated in the case of the gambling provider Planet49. The reason for the long duration was also the process behavior of large industry participants, which absolutely avoided a process before the European Court of Justice.
In the meantime, a new draft of the e-Privacy Regulation, which was submitted by the Finnish EU Council Presidency and is intended to create extensive access rights to individual data, is creating uncertainty for the DPOs. Peter Büttgen, head of department at the BfDI, dampened expectations in Cologne of an early adoption of the law, which would be directly effective for all EU member states. "I do not think there's a way to draw a line next week," said Büttgen. It is more likely that the e-Privacy Regulation will be adopted in the second half of the year under the Presidency of the Council of Germany.
Fines and joint responsibility
The regulators had to listen to criticism because many companies had to deal with particularly difficult questions such as the implementation of the Fashion ID ruling, which had established a joint responsibility for operators of Facebook fan sites. Here, Stefan Brink, Country Commissioner for Data Protection and Freedom of Information (LfDI) Baden-Württemberg, called for patience. Thus, his authority had developed model contracts that regulated the issues of joint responsibility. In addition, Facebook have already shown several concessions – although the previous position of the group in the opinion of the data protection is not yet legally compliant.
You want to keep up to date with the topic of data protection, but do not want to roll over pages of literature? Then turn to our lawyer-editor trio with confidence.
At least in his area of responsibility, there is no reason to panic. His office of penalties has the requirement to resort to deterrent penalties only in cases where data protection doubters must clearly come to the conclusion that rules would not be complied with. The threat of a fine is, however, fundamental to the success of the General Data Protection Regulation: "The announcement is economically understandable." Unlike ethical appeals, the risk of losing the full annual profit is also heard on the executive floors. Meanwhile, his authority also gets pressure from the economy to impose more fines. Businesses that have gone to great lengths to protect data protection wanted to differentiate themselves from competitors who slur in privacy.
. (tagsToTranslate) Federal Data Protection Commissioner (t) DSGVO (t) Data Protection (t) Data Protection Expert Conference (t) Ulrich Kelber