Data Act: State data protectionists fear disempowerment
According to data protection officers of federal states, the draft of the Data Act violates European law. They would be deprived of their competence.

The state data protection officers are mobilizing against the draft bill from the Ministries of Economic Affairs and of Digital Affairs to enforce the Data Act. The sticking point: in Germany, with a few exceptions, the respective state data protection authorities supervise the processing of personal data by controllers in the private sector. By contrast, according to paragraph 3 of the two ministries' initiative, responsibility for monitoring the application of the General Data Protection Regulation (GDPR) in the context of the Data Act is to be transferred to the Federal Data Protection Commissioner (BfDI).
In a statement on the draft bill presented in February, the 17 data protection officers of the federal states – in Bavaria there are two relevant bodies – argue against the planned "special responsibility" of the BfDI. According to them, the project violates EU law and the constitutional distribution of administrative competencies. According to the clear wording of the regulation, the European legislator wanted to avoid a fragmentation of responsibilities, the submission states. The final regulation in the Data Act also offers no indication that the member states have the authority to make deviating provisions.
Duplicate structures and less legal certainty
The state representatives also point out that, in the public sector, a federal authority would in future monitor data processing by state authorities wherever the Data Act applies. This would contradict the fundamental principles of the federal order. Data protection issues under the Data Act often cannot be clearly separated from those under the GDPR. Both sides would therefore be responsible, which could lead to double supervision. "The bureaucratic consequences for companies, authorities and data subjects are particularly relevant in practice," emphasizes Berlin data protection officer Meike Kamp. "Instead of simplifying responsibilities, the federal government's plans will lead to duplicate supervisory structures and less legal certainty for everyone involved."
The IT association Bitkom already stated last year that an exceptional competence of the federal government for the implementation of the Data Act could result from the nature of the matter and Article 87 of the Basic Law on the distribution of tasks in the postal and telecommunications sectors. According to the plan of the two ministries, the Federal Network Agency is to become the central supervisory authority for enforcing and monitoring the regulation.
The Data Act obliges providers of networked products and associated services to make the data they generate available to users in an easily accessible form in real time and free of charge as standard. If the usage-generated data also contains personal data, its processing is governed by the GDPR, which also takes precedence in principle.
(mki)