Lower Saxony’s data protection officer Barbara Thiel calls for more staff for data protection. It was neither possible for her to act “proactively” in the event of data protection violations nor to provide adequate advice, as she writes in her activity report for 2021. Accordingly, the number of complaints received from data subjects remained the same as in the previous year (2,479 in 2020 and 2,538 in 2021), but the number of breaches reported by data protection officers increased (from 989 to 1,673). These often also referred to “security gaps in Microsoft Exchange servers (so-called “Hafnium Hack”), the loss, theft or incorrect transmission of data, as well as cyber attacks using phishing emails and encryption Trojans”.
Schrems II, Cookies and Co.
With regard to international data traffic, Thiel, in cooperation with other German supervisory authorities, has started to check whether companies are implementing the requirements of the Schrems II judgment of the European Court of Justice in July 2020. The focus was on compliance with the requirements for international data transfer for mail and web hosting, which was apparently challenging. Both business models and processes would have had to be modified in some cases.
200,000 euros for unauthorized video surveillance
According to the report, fines totaling 270,000 euros were imposed on those responsible for medical care, retail and mail order and tourism, but also on individuals. A fine of 200,000 euros was imposed for video surveillance of the employees without any legal basis. Other breaches reported include processing of personal data without a legal basis and processing of professional data for private purposes.
Thiel also criticizes the cooperation with the Ministry of the Interior regarding the police messenger Nimes. Although the Ministry of the Interior has purchased 5,000 service devices for police officers, most of them have not been distributed. She had to complete the test procedure with an “official complaint”.
Informational self-determination is not an end in itself
In addition, Thiel appealed in her report: “The polemical narrative about the stumbling block of data protection, which is not always accompanied by specialist knowledge, must finally stop. The right to informational self-determination is not an end in itself, but serves to directly protect the privacy of all citizens.” Especially in connection with the Corona measures, there was talk of a supposed “super fundamental right” in the context of data protection. The right to informational self-determination was also restricted by measures such as the collection of contact data as well as other fundamental rights. In this context, Thiel also expresses regret that when using the Luca app, “regrettably […] was incorporated late”.
Brandenburg also criticized
The state data protection officer of Brandenburg, Dagmar Hartge, recently presented her activity report for the year 2021. Above all, she criticized the use of the Luca app and the associated Sormas interface against her better knowledge – the documentation of the data processing was insufficient. In addition, only one district health department used the data from the Luca app for contact tracing and yet the rip cord was not pulled early enough.
To home page
#Saxony #Data #protection #officer #calls #staff #proactive #action