The structure of data protection supervision in Germany is considered to be more complex than in any other EU country. The reason for this is the federal principle to which supervision is subject. A total of 17 state authorities ensure that public and private bodies comply with the General Data Protection Regulation (GDPR) – and sometimes apply very different standards. Each federal state also has a different approach to staffing the management of authorities, which always leads to upheavals.
The state of Saxony-Anhalt, for example, has been looking for a successor to the state data protection officer (LfD) Harald von Bose, who left in 2018, for five years. For various reasons, the election of a new LfD repeatedly failed in the state parliament. This farce continues to this day: Most recently, at the end of June, the current candidate Daniel Neugebauer did not receive a majority, even though he was proposed by the government coalition of CDU, SPD and FDP; And, even though the state government controversially simplified the election process in April by abolishing the tender process.
In Lower Saxony, the new LfD Denis Lehmkemper had already been elected by the state parliament and was almost in office when his predecessor Barbara Thiel filed an urgent lawsuit against his appointment in June. Thiel criticizes the fact that her successor and CDU politician Lehmkemper was proposed through an agreement between the coalition factions SPD and Greens on the one hand and the CDU parliamentary group on the other. There was no call for tenders, although the GDPR requires selection based on qualifications, not party registers. The Hanover Administrative Court dismissed Thiel’s lawsuit, and the proceedings are currently in the next instance before the Lüneburg Higher Administrative Court. Lehmkemper will only be able to take over the management of the authority in September if the lawsuit is dismissed there too.
requirements of the GDPR
Prof. Fabian Schmieder explains the selection process for state data protection officers in the podcast.
It was high time for the c’t data protection podcast to focus on the procedures for appointing LfDs. Heise legal counsel Joerg Heidrich and editor Holger Bleich received support from Hannover University of Applied Sciences: Fabian Schmieder has been researching and teaching there since 2015 as a professor of media law with a focus on copyright and data protection law. In the podcast he explains what requirements the relevant Article 53 GDPR contains regarding selection procedures, transparency and qualifications of heads of supervisory authorities. The episode creates a lively discussion about the various procedures in the federal states.
Schmieder points out that the EU itself determines its data protection officer via a search committee that must propose at least three applicants. He suggests that such procedures should also be introduced in the federal states and refers, among other things, to the principle of the best selection enshrined in Article 33 of the Basic Law. Schmieder considers the democratic election process through the state parliaments to be good, but points out that there is always the risk of a lack of majorities – see Saxony-Anhalt.
Here are all the episodes so far:
To the home page
#Interpretation #Chosen #data #protection #officers