The Federal Data Protection Commissioner Kelber urges the legislature to finally cast the directive on data protection in criminal prosecution into national law.
Germany is still massively lagging behind in data protection in the areas of police and justice. The Federal Data Protection Commissioner Ulrich Kelber has therefore asked the federal government to fully implement the relevant EU directive from 2016. The EU member states have committed to enact all the necessary laws by May 6, 2018. Germany exceeded this deadline by 1000 days on Friday.
There is a lack of enforcement powers
Kelber complained that he could “only object to data protection violations” at the moment with the federal police and customs investigators. “Without national laws, I lack effective enforcement powers. That undermines the democratic legitimacy of data protection oversight and law enforcement agencies at the same time.” The computer scientist, therefore, sees the legislature forced to act “immediately”.
In spring 2020, his authority received the draft of a new federal police law, which would also have taken into account requirements from the directive, the inspector explained. However, this has not yet reached the Bundestag. The federal government wanted the initiative, with which the investigators can also use the federal Trojan to hack smartphones and laptops, actually in January. However, due to the dispute between individual departments, the project is no longer on schedule.
Unconstitutional clauses prevent signing
The lawmakers have already extensively revised the Customs Investigation Services Act, says Kelber. President Frank-Walter Steinmeier (SPD) but signed it because of the contained unconstitutional provisions for inventory data information yet. According to Kelber, the legislature could have made a change in the third part of the Federal Data Protection Act instead, in order not to have to repeat the rules for each authority in specialist laws.
After all, the guideline for the area of the Federal Criminal Police Office (BKA) has been implemented in principle, reports the data protection officer. In the BKA Act, the Bundestag had regulated that the supervisory authority could order appropriate remedial measures “if this is necessary to remedy a significant breach of data protection regulations”. However, there was also a lack of authority in the area of the secret services, so that only one objection is currently possible.
Infringement proceedings initiated against Germany
The directive is the “little brother” of the General Data Protection Regulation ( GDPR ), which is more in the public eye . The “twin” protects citizens’ fundamental right to privacy when law enforcement agencies use personal data. The EU regulations contained therein are intended to ensure, with similar data subject rights as in the GDPR, that the personal information of victims, witnesses and suspects is adequately protected.
In May, the EU Commission initiated the second stage of infringement proceedings against Germany . She also complained that five of the 16 federal states had not yet taken any measures to implement the provisions. The deadline set at that time expired in autumn, so that the Brussels government institution can now refer the case to the European Court of Justice.