Greetings from Brussels!
A particularly sensitive and important debate is taking place in Germany at the moment relating to the current legal framework and structure of its supervisory agencies. Not a new theme, but the question of regulatory centralization after a dormant period is making the rounds among regulators and industry stakeholders in several online conferences in Germany. As you may know, Germany has a data protection regime that is far more complex than any of its sister EU member states.
In this month’s edition of The Privacy Advisor newsletter, we sought to delve into the heart of the matter and give some context and insight around the debate.
For some time now, I have been discussing this conundrum with both Sebastian Kraska of IITR Datenschutz GMBH, and more recently, with Ulrich Baumgartner, IAPP country leader for the DACH region. Consequently, and for contextual backdrop, we felt it was worth penning an article on the centralization issues at play and why they have emerged. At the center of the debate, the challenge for Germany in this modern and rapidly changing global digital economy is the ability to legislate and preside over consistent and unified enforcement policies and decisions for both indigenous as well as international companies. It is no secret the various state DPAs can and have different and diverse views on legal interpretation and enforcement. The perception in some quarters is that inconsistency and legal uncertainty are threats to the growth and development of the German economy. With the guidance and thought leadership of both Sebastian and Ulrich, you can find the full article on the subject here.
In addition to the article on legal and political considerations around centralization, Ulrich sat down with Michael Will, the commissioner for the Bavarian Data Protection Authority, to discuss the current state of play of enforcement in Germany and whether there is a chance that the 16 Länder, or states, would ever be consolidated with a centralized, federal DPA. You can read the full interview here.
According to Will, a lot of the debate stems from two major developments in recent times. On the one hand, the advent of the GDPR has amplified the perceived need for greater regulatory efficiency in a very public way. And on the other, the exponential growth and use of technology as it impacts the economy and consumer — both innovative and disruptive forces at the same time, depending on how you look at it.
From Will’s perspective, the pro centralization advocates will always favor a concentration of power on any given policy area, whether at national or as particular to data protection at the European level, citing greater efficiencies and standardization. He does, however, caution the adage of checks and balances, warning that with centralization comes the potential for one-sided interests and a questionable degree of transparency.
Overall, Will acknowledges the regulatory challenges brought about by the GDPR and is of the view that a stronger standardization of national enforcement practices under common European guidelines is the way forward. That said, his view is that there are other avenues to explore to achieve this in Germany.
There is clearly momentum in the current discussion about restructuring data protection supervision in Germany. Ulrich's view is one where the discussion is open for now, stating that “what we are witnessing presently is likely to restart a lengthy debate.” Sebastian Kraska, on his side, reiterated the German Federal DPA, Ulrich Kelber’s ultimate vision is for a full harmonization of DPAs at the EU level — in some shape or form — this suggests that consolidating the German regulatory landscape is a prerequisite to that end. Time will tell how this plays out.