The BfDI presents the 27th Activity Report
On 08 May 2019, the BfDI, Mr. Ulrich Kelber, presented the 27th activity report on data protection covering the years 2017 and 2018 to the President of the German Bundestag, Dr. Wolfgang Schäuble.
One important issue within the reporting period was the start of the application of the General Data Protection Regulation (GDPR). Although its start was rather bumpy due to false reports and other stylistic blunders, such as the replacement of bell nameplates at apartment buildings, the GDPR has turned out to be a benefit for data protection.
Despite all initial bad press and criticism, the GDPR has developed in a short period of time as a standard that is now taken as a model also by other world regions, said the BfDI during the presentation of the report in order to stress the international radiant effect of the GDPR.
This is shown by the new laws in California and Japan, but also by the high interest of other states in Latin America and Asia, which take the GDPR as a basis for current legislative projects. Even in the US, a debate on a national law on this basis has gathered momentum.
With regard to citizens, the new European data protection law appears to have led to an increased interest in the protection of their own data. For example, during the period from 25 May to the end of 2018, the BfDI received a total of 6,507 general enquiries and 3,108 complaints. This corresponds to a three-fold increase of requests per month. In addition, 7,300 data breaches have been reported by bodies subject to the BfDI’s supervision. Irrespective of those figures, during inspection and consultancy visits, it became evident that the vast majority of the bodies supervised by the BfDI have well implemented the GDPR.
Nevertheless, the BfDI pointed out that even the supervisory authorities must seek to further strengthen data protection through pragmatic legal interpretation and consistent enforcement of the GDPR. For this objective, in particular European cooperation would need to gather momentum.
The legal conditions are available and must be filled with life now — and we have to start at the very top! If we fail to come to grips with Facebook, Amazon, Google and Microsoft in terms of data protection law, no master craftsman, chairperson of an association or start-up-company will trust us when we impose data protection provisions on them.
In addition to the GDPR, the BfDI notably addressed the issue of the further expansion of competences for law enforcement authorities which were in blatant contradiction with the further declining crime statistics, and in this context, he suggested a moratorium on security law.