TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

Europe Data Protection Digest | Notes from the IAPP Europe Managing Director, 26 Feb. 2021 Related reading: German data strategy addresses aligning DPAs





Greetings from Brussels!

Against the backdrop of the EU strategy for data last year, I noted with interest the German federal government’s adoption of its national data strategy at the end of January. Still the strongest EU economy by a stretch, Germany remains — in my view — relevant to keep abreast of regarding their digitalization and data developments as inevitably its influence is felt across the EU. Somewhat surprisingly, in a report issued by the European Commission last June, Germany was ranked 12th on the EU-27 digital economy and society index for digital progress behind countries like Finland, Denmark and Estonia. A strong and ambitious data strategy was to be expected.

After a delay of more than six months, the long-awaited federal policy was announced with more than 240 individual measures spelled out in a comprehensive document. This sizable document speaks to the country’s lofty intentions of making Germany a “trailblazer in the innovative use of data and data sharing in Europe.” Its multi-directional focus includes establishing an effective and sustainable data infrastructure; enhancing responsible and innovative data use; establishing a “data culture” and “data competency”; and lastly, a reorganization of its public administration to deliver high-quality digital public services. Earlier this month, the federal government also presented its data strategy to its Parliament, the Bundestag.

In short, in the last year of her chancellorship, Angela Merkel’s government wants to push Germany forward as a pioneer of digital leadership. 

I spoke with Sebastian Kraska of IITR Datenschutz GmbH to get insights into some of the key privacy areas highlighted in the national strategy paper. While Germany remains decentralized along its data protection policy and enforcement lines, the strategy emphasizes more consistent cooperation among the data protection authorities. The federal government commits to closer ties between the authorities of the federal and state governments on all data protection issues of national importance. This is currently part of an ongoing evaluation through public consultation by the Ministry of the Interior of the existing Federal Data Protection Act and state acts where they govern data.

In other areas, the federal government has committed to harmonizing the data protection laws for online and telecommunications services into one Telecommunication and Telemedia Act. The aim of this initiative is to reduce state (Landes) fragmentation and clarify the role and responsibilities of the German state supervisory authorities in this area, thereby streamlining legal certainty and security for companies and their obligations toward consumers.

The pandemic has also demonstrated how Germany’s federal system hampered areas such as health research in a country where more than 400 national health authorities have the responsibility for collection of data, as well as the autonomy for what technology and systems are deployed to manage, store and process data. The strategy talks to the mechanism of appointing a lead DPA for cross-border (state lines) research projects thus creating multi-center projects in health care supply distribution and research sharing. This resembles the lead supervisory mechanism as in the GDPR.

The constant tension between the promise of economic gain through harvesting personal data and the potential for abuse is also a common theme that is addressed through several measures. The data strategy aims to create legal standards and interpretations for anonymization practices and data evaluation through technology. An anonymization research network is intended to strengthen national leadership in this area while providing advice to German industry and public administration. Funding instruments will support such efforts, with a focus on machine learning, AI and quantum computing, addressing privacy metrics and guarantees.

One final mention is the promotion of data trustee models. There are also funding guidelines aimed at pilot projects to test the scientific deployment of such models. Moreover, and aligned with the eventual EU Data Governance Act, Germany will work to create a legal framework to establish certification and accreditation for data trustees.

For the future of the German data economy, there is much to unwrap in this all-encompassing strategy involving a multitude of stakeholders. As Kraska states, “The pandemic has exposed Germany’s digitalization backlog. To best tackle the fragmentation of issues, it’s time to harmonize efforts on both state and federal level to achieve a coherent strategy."

All said, my bet is Germany will catch up with some of the more performing EU member states before too long.


If you want to comment on this post, you need to login.