There is a lot of praise from politicians and supervisory authorities for today’s fifth anniversary of the General Data Protection Regulation (GDPR). The set of standards has shown that “regulation – also and especially for powerful tech companies – is not a work of the devil, but a condition for effective protection of fundamental rights in the digital age,” explained the Greens Konstantin von Notz and Misbah Khan. Entirely different tones come from the company side. Wolfgang Weber, CEO of the Association of the Electrical and Digital Industry (ZVEI), complains: “In its current form, the categorical prohibition principle of the GDPR no longer fits in with a modern, data-driven economy.”
The “prohibition subject to permission”, which has found its way into the GDPR via German data protection law, is not that categorical. The processing of personal information from third parties is permitted, for example, on the basis of unequivocal consent, to fulfill contracts and tasks in the public interest or to realize the often cited and often quite broad “legitimate interests”. But that’s not enough for Weber. He also sees the prohibition principle as a contradiction to the planned EU Data Act, “which is supposed to accelerate data processing and data exchange”.
Uncertainties and obstacles to innovation for companies – fundamental reform of the GDPR required
The ZVEI criticizes that the GDPR does not fully meet the goal of establishing uniform rules and more legal certainty in practical application. He calls for a fundamental reform of the regulation in order to resolve the existing uncertainties and reduce obstacles to innovation for companies. This applies above all to the area of international data transfers, where the European Court of Justice (ECJ) repeatedly overturned agreements with the USA. Here “court-proof adequacy decisions with non-EU countries and the use of binding internal data protection regulations” such as Binding Corporate Rules (BCR) are necessary.
Furthermore, the ZVEI demands clearer guidelines that support the use of data by making personal data anonymous. Legal definitions and more options for the processing of pseudonymised data would be helpful here, but the reference to persons can often be easily restored. This would lead to real added value, especially in sectors with a high level of data exchange, such as medical technology or the energy sector with smart meters. In addition, the cooperation between the national supervisory authorities “must be fundamentally improved and made more efficient in order to speed up procedures”. This is the only way for the economy to “quickly put into practice” the inspectors’ decisions.
“Paralyzing fear and a one-sided trade-off between data protection and added value”
The IT association Bitkom assesses the situation in a very similar way, according to which the GDPR has not kept its promise of uniform, understandable and practical data protection rules throughout Europe. “Many companies therefore forego the development of new technologies and services – or relocate their projects abroad,” says Bitkom President Achim Berg, annoyed. This is shown not least by the “bans on innovative technologies such as ChatGPT in individual EU member states that have already been pronounced for a short time, which are causing massive uncertainty”. The GDPR basic concern is “extremely important”. Currently, however, there is “a paralyzing fear of mistakes and a one-sided weighing up of data protection and the added value of data use”.
Bitkom bases its scolding on the results of a representative survey of 602 companies with 20 or more employees from all sectors in Germany. 62 percent of companies are hesitant to use data because of concerns about violating the GDPR. 60 percent have already stopped plans for innovations due to data protection regulations or uncertainties. Alexander Rabe, Managing Director of the eco-association of the Internet industry, evaluates “the ongoing efforts to standardize European data protection regulations” more positively, in order to promote trust in digital services. However, his appeal also reads: “Especially in Germany, however, we must do more to counteract the sometimes contradictory fragmentation and, above all, excessive bureaucracy” in the case of different interpretations by the inspectors.
(bme)
To home page
