Europe's digital security
Data protection is a valued asset in the EU. Ulrich Kelber reveals in an interview why European standards are regarded as a benchmark worldwide.
As Germany's highest data protection officer, Professor Ulrich Kelber is committed to the best possible protection of personal data also at European level. He took up his post as Federal Commissioner for Data Protection and Freedom of Information (BfDI) in January 2019. By then, the European Union's most important instrument for comprehensive data protection had already been in force for several months: the European General Data Protection Regulation (EU-GDPR). It has modernized data protection at the European level and adapted the protection of privacy to new technologies and types of data processing. In an interview, Ulrich Kelber takes stock of two years of the EU-GDPR.
Professor Kelber, how do you protect your personal data?
First, I think very carefully about who I give my data to and for what purpose. Some things are quite obvious. For example, I only use messengers that are privacy-friendly and end-to-end encrypted. As a matter of principle, I and my colleagues in the Länder advise people to make sure their passwords are secure, that their anti-virus programs are regularly updated, and that the level of data protection in the services they use is as high as possible. The more sensitive the data are, the more critically I check.
The EU General Data Protection Regulation (EU-GDPR) has been in force for two years. What is your assessment?
The GDPR is a great success and has further potential for improvement. Its main objectives have been achieved, for example an increased awareness of data protection and improved enforcement by the supervisory authorities. The harmonization of data protection within the EU, which directly benefits both businesses and citizens, is an asset in itself. The GDPR has established itself worldwide as a model for new legal regulations. The main deficits I see are in the enforcement of data protection vis-a-vis the major international IT companies. With regard to information and documentation requirements, we should look into the possibility of reducing bureaucracy for small and medium-sized enterprises. The recently published evaluation report of the European Commission also sees a need for action on these points.
Many countries are taking Europe's approach to data protection as a model for themselves. Can and should the EU-GDPR become a global standard? What contribution is Germany making in this context?
Data protection has always played an important role in Germany. In 1983, for example, the Federal Constitutional Court formulated the then-new 'right to informational self-determination' in what became known as the 'census ruling', thus establishing data protection as a fundamental right. Today, the European Union has launched important initiatives and standards for data protection. This applies to the Charter of Fundamental Rights of the European Union and the EU Treaties, which include data protection as a fundamental right. But especially to the General Data Protection Regulation. It has strengthened the rights of those affected and adapted them to the conditions of the digital society. When companies offer their goods or services specifically to people in the EU – even if they have no branch office in the EU – they must comply with the provisions of the GDPR. In this way, the GDPR also influences data protection legislation in countries outside Europe, for example in Japan or in California, USA.
In your opinion, do strict data protection regulations and innovations contradict each other?
In the debate the comparison is often made with the highly developed digital economies in China or the USA. Their lead in the field of innovative technologies is described as virtually 'unassailable'. This direct comparison often fails to recognize the special features of Europe's digital landscape, which is much more fragmented. The market power of large platforms is different in Europe and, fortunately, data protection also plays a more important role. Data protection does not slow down technological progress or economic development. Rather, we try to create an understanding of the essential mechanisms to protect the personal rights of the individual. This aspect can become a unique selling point for Europe and generate business models that are innovative precisely because they are also data-protection friendly.
You would like to receive regular information about Germany? Subscribe here: