Data Protection Academy » Data Protection News » GDPR protects fundamental civil rights

Text in the picture: "Unfortunately, the GDPR has only been in existence for one year (part 1)".

GDPR protects fundamental civil rights

Reasons to look forward to the coming years with the General Data Protection Regulation!

May 25, 2019 marked the anniversary of the entry into force of the Basic Data Protection Regulation (DSGVO) for the first time. Across Europe, 200,000 breaches were reported to regulators and €56 million in fines were reported. The largest fines imposed went to Google and a hospital in Portugal. In Germany, a total of 485,000 euros in fines were imposed for 75 very different violations. The flood of notifications is almost unmanageable for the supervisory authorities.

Trotz dieser Vielzahl an gemeldeten Verstößen, Anzeigen oder Bußgeldern: Die Motivation zur Umsetzung der DSGVO sollte nicht aus Angst vor Strafe resultieren. Die Motivation zur Umsetzung der DSGVO ist folgende: Sie macht einfach Sinn! Warum das so ist und warum Sie besser heute als morgen mit der Umsetzung anfangen sollten, erklären wir Ihnen mit der Beitragsserie “Leider gibt es dir Datenschutzgrundverordnung erst ein Jahr – Drei Gründe, um sich auf die kommenden Jahre mit der DSGVO zu freuen!”.

Part 1: The GDPR protects our fundamental civil rights

The concept of data protection is relatively recent, but has not only existed since 25.05.2018.

1960

The idea of comprehensive data protection began in the USA in the 1960s - contrary to the expectations of many. The starting point for the considerations was the rapidly advancing developments in the field of computer technologies and the resulting rapid and uncontrolled dissemination of personal data. The permanent and seemingly unlimited availability and analyzability of data posed a threat to privacy both then and now.

1970

In 1970, a data protection law was written down in Hesse for the first time worldwide. The first Federal Data Protection Act was passed in 1977, the peak year of the RAF terror and the murder of Siegfried Buback.

1980

However, due to the so-called census ruling of the Federal Constitutional Court in 1983, it became clear that the current regulations in the Data protectiondo not meet the requirements of the Basic Law. With the Right to informational self-determination data protection was given a fundamental right character. This right is based on the right of personality and human dignity and is described by the Federal Constitutional Court as follows:

"In this respect, the fundamental right guarantees the right of the individual to decide on the disclosure and use of his or her personal data.

Source: www.bfdi.bund.de

Even then, the danger was recognised that personality profiles could be created on the basis of collected data without the person concerned having any influence on it. This danger is more topical than ever in the age of digital data octopuses.

From this the core of the Federal Data Protection Act was derived: the Prohibition in the case of subject to authorisation for the processing of personal data. Accordingly, the processing of personal data is generally prohibited, unless it is permitted by a legal basis. This is a very restrictive restriction on the processing of personal data for very specific purposes, for example in the context of an employment relationship.

1990 until today

The legal provisions have been amended over the years - for example, in 2009 and 2010 - and most recently culminated in the adoption of the General Data Protection Regulation in the European Parliament in May 2016, which replaced the European Directive on the Data protection replaced. The GDPR then came into force with a transition period of two years on 25.05.2018 binding for all member states.

The GDPR is much more powerful than it seems. Many provisions of the GDPR are similar to the Federal Data Protection Act in force to date. But in one part it clearly goes beyond the Federal Data Protection Act. Chapter three of the GDPR deals with the defined rights of data subjects and can be considered as the central mechanism for the future implementation of informational self-determination.

These rights enable data subjects to

  1. ...to understand who processes data, how and for what purpose and to whom the data is passed on (Art. 13 GDPR)
  2. ...if data is collected and processed by third parties without the knowledge of the data subjects (Art. 14 GDPR)
  3. ...to request information about which data are actually processed (Art. 15 GDPR)
  4. ...to demand that data be processed correctly (Art. 16 DSGVO), deleted upon request (Art. 17 DSGVO) or that processing be restricted upon request (Art. 18 GDPR)
  5. ... to take data with us when we want to switch between digital services, for example (Art. 20 GDPR)
  6. ...to require in individual cases that automated decisions (e.g. when granting a loan) be reviewed by a human being (Art. 22 GDPR).

Since the introduction of the General Data Protection Regulation, discussions on data protection have increased significantly. Some state actors, such as the police or secret services, see data protection as an obstacle to their activities. Large companies such as Google, Facebook and Microsoft are also reacting to data protection when implementing their services and are shifting server capacities from the USA to Europe.

This is a thoroughly positive development, which shows that the GDPR is having an impact. Informational self-determination is strengthened and fundamental civil rights are protected. Nevertheless, there is still a lot of potential for implementation, particularly in the area of the rights of those affected.

In part 2 of the series of articles you will learn how the DSGVO makes companies fit for the digital future.

Nadine Porrmann
Latest posts by Nadine Porrmann (see all)

This might interest you too:

Whistleblower Protection Act

The Whistleblower Protection Act: regulations and obligations for companies, requirements for whistleblowers, white paper including checklist!

Smart Home Privacy Concerns

Smart Home applications: Find out why the benefits in everyday life often involve data protection risks and how you can protect yourself.
Picture of Thomas Ulrich on Pixabay

Federal Council increased duty to appoint data protection officer to 20 persons

On 20 September, the Federal Council decided that a company data protection officer only needs to be appointed if the number of employees exceeds 20.