Report: New Federal Data Protection Officer found

After long deliberations by CDU, CSU, and SPD, the Frankfurter Allgemeine Zeitung (FAZ) now reports an agreement: A Freiburg legal scholar is to succeed Louisa Specht-Riemenschneider, who is prematurely leaving office due to illness.

According to the FAZ report, the coalition parliamentary group leaders of the Union and SPD agreed on the Freiburg legal scholar Moritz Hennemann. Born in 1985, he is 41 years old and barely meets the legal minimum age of 35 required for Federal Data Protection Commissioners. Hennemann would thus be the ninth Federal Commissioner in this role. The jurist is considered a data law expert who would largely continue the course of the incumbent. After studying in Heidelberg, Krakow, and Oxford, he worked as a research assistant, and lawyer and completed his habilitation in Freiburg in 2019. He then took over a professorship at the University of Passau until he returned to Breisgau just over two years ago.

Hennemann criticizes GDPR

In his published research, Hennemann dealt with a variety of data law issues, including those beyond classic data protection law. At the same time, the Freiburg legal scholar has never hidden his partial skepticism towards the General Data Protection Regulation (GDPR), which he himself is supposed to enforce, calling it an “innovation barrier” in 2020. In 2025, Hennemann analyzed that in data law discussions, “the geopolitical, economic, industrial, security, and defense policy dimensions of data generation, data use, and data transfer are not only obvious but have also not always been sufficiently focused on so far.” Hennemann believes, for example, that the controversial adequacy decisions for third countries like the USA must be made not only from a data protection perspective but also from other perspectives such as “economic policy, industrial policy, security policy, and defense policy dimensions.”

Moritz Hennemann would take office, however, at a time when, on the one hand, the role of the supervisory authority in monitoring intelligence activities is to be restricted by the coalition parties. On the other hand, activities of the state supervisory authorities are to be transferred to Graurheindorfer Straße in Bonn. Federal Data Protection Commissioners must be nominated by the Federal Ministry of the Interior. In a subsequent election in the Bundestag, many of the members of parliament must vote in favor of the candidate. Subsequently, the independence of the Federal Data Protection Commissioner is guaranteed under European law.

Orderly transition

The outgoing incumbent, Louisa Specht-Riemenschneider, had announced in March that she would have to resign from office for health reasons, but intended to remain in office until her successor was appointed. This is partly because, although there is a head of authority with the “leading official” – this person does not have the same formal powers as a Federal Commissioner for Data Protection elected by the Bundestag. Due to months of deliberations by the then government coalition, precisely this problem arose before Specht-Riemenschneider took office, a repetition that she now wanted to avoid despite her poor health.

(nen)