Data Protection in Germany: Difference between revisions
(→Constitutional Court: added section) |
(→History: +beginning of section) |
||
Line 21: | Line 21: | ||
==Legislation== | ==Legislation== | ||
===History=== | ===History=== | ||
'' | The birthday of data protection law in Germany is 30 September 1970, the date on which the Hessian state parliament<ref>''Hessischer Landtag''. [http://starweb.hessen.de/cache/PLPR/06/0/00080.pdf#page=59 Stenographischer Bericht 6/80 p. 4271f] 30. September 1970</ref> passed the Data Protection Act<ref name="dsg_he_1970">Datenschutzgesetz [HE 1970]. [http://starweb.hessen.de/cache/GVBL/1970/00041.pdf GVBl. HE 1970 S. 625]</ref>. | ||
On a federal level ''Bundestag'' and ''Bundesrat'' enacted the ''Bundesdatenschutzgesetz'' (Federal Data Protection Act).<ref>Bundesdatenschutzgesetz. [https://offenegesetze.de/veroeffentlichung/bgbl1/1977/7#page=1 BGBl. I 1977 S. 201]</ref> | |||
The next step in in data protection law was taken in 1983 by the German Constitutional Court.<ref>Bundesverfassungsgericht. Judgement of the first senate of 15. Dezember 1983 - [http://www.bverfg.de/e/rs19831215_1bvr020983.html 1 BvR 209/83, 1 BvR 269/83, 1 BvR 362/83, 1 BvR 420/83, 1 BvR 440/83, 1 BvR 484/83 (in DE)] ([https://www.bundesverfassungsgericht.de/SharedDocs/Entscheidungen/EN/1983/12/rs19831215_1bvr020983en.html Abstract in EN]) - [https://e-justice.europa.eu/ecli/ECLI:DE:BVerfG:1983:rs19831215.1bvr020983 ECLI:DE:BVerfG:1983:rs19831215.1bvr020983]</ref> The Court derived a fundamental right of informational self-determination: | |||
: <cite>1. In the context of modern data processing, the general right of personality under Article 2.1 in conjunction with Article 1.1 of the Basic Law encompasses the protection of the individual against unlimited collection, storage, use and sharing of personal data. The fundamental right guarantees the authority conferred on the individual to, in principle, decide themselves on the disclosure and use of their personal data. <br> 2. Limitations of this right to “informational self-determination” are only permissible if there is an overriding public interest. They require a statutory basis that must be constitutional itself and comply with the principle of legal clarity under the rule of law. The legislator must furthermore observe the principle of proportionality. It must also put in place organisational and procedural safeguards that counter the risk of violating the general right of personality.</cite> | |||
===National constitutional protections=== | ===National constitutional protections=== |
Revision as of 19:58, 1 April 2020
Data Protection in Germany | |
---|---|
Data Protection Authority: | BfDI (Germany) and 16 State DPAs |
National Implementation Law (Original): | Bundesdatenschutzgesetz (BDSG) |
English Translation of National Implementation Law: | English Translation |
Official Language(s): | German |
National Legislation Database(s): | Link |
English Legislation Database(s): | Link |
National Decision Database(s): | Link |
Legislation
History
The birthday of data protection law in Germany is 30 September 1970, the date on which the Hessian state parliament[1] passed the Data Protection Act[2]. On a federal level Bundestag and Bundesrat enacted the Bundesdatenschutzgesetz (Federal Data Protection Act).[3] The next step in in data protection law was taken in 1983 by the German Constitutional Court.[4] The Court derived a fundamental right of informational self-determination:
- 1. In the context of modern data processing, the general right of personality under Article 2.1 in conjunction with Article 1.1 of the Basic Law encompasses the protection of the individual against unlimited collection, storage, use and sharing of personal data. The fundamental right guarantees the authority conferred on the individual to, in principle, decide themselves on the disclosure and use of their personal data.
2. Limitations of this right to “informational self-determination” are only permissible if there is an overriding public interest. They require a statutory basis that must be constitutional itself and comply with the principle of legal clarity under the rule of law. The legislator must furthermore observe the principle of proportionality. It must also put in place organisational and procedural safeguards that counter the risk of violating the general right of personality.
National constitutional protections
You can help us fill this section!
National GDPR implementation law
In Germany the GDPR is implemented by the Bundesdatenschutzgesetz (BDSG).
You can help us fill this section!
Age of consent
You can help us fill this section!
Freedom of Speech
You can help us fill this section!
Employment context
You can help us fill this section!
Research
You can help us fill this section!
Other relevant national provisions and laws
You can help us fill this section!
National ePrivacy Law
You can help us fill this section!
Data Protection Authorities
BfDI (Federal DPA)
The German Federal Data Protection Authority (Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit) is the national data protection authority for Germany. It is however only in charge of federal government authorities and private telecoms and postal services. Any other private entity in Germany is regulated by the relevant state DPA.
→ Details see BfDI (Germany)
German State DPAs for the private sector
The following DPAs are in charge of private sector controllers (except telecoms and postal services) in Germany:
- LDA (Brandenburg)
- BlnBDI (Berlin)
- LfDI (Baden-Württemberg)
- BayLfD (Bavaria)
- LfDI (Bremen)
- HBDI (Hesse)
- HmbBfDI (Hamburg)
- LDSB (Mecklenburg-Vorpommern)
- LfDI (Lower Saxony)
- LDI (North Rhine-Westphalia)
- LFDI (Rhineland-Palatinate)
- ULD (Schleswig-Holstein)
- Datenschutzzentrum (Saarland)
- DSB (Saxony)
- LfD (Saxony-Anhalt)
- TLfDI (Thuringia)
Judicial protection
Civil Courts
You can help us fill this section!
Administrative Courts
Appeals against decisions of German DPAs are brought before the district administrative courts (Verwaltungsgericht; e.g. for the Federal DPA in Bonn/North Rhine-Westphalia - the administrative court in Cologne, for the LDI in Düsseldorf (North Rhine-Westphalia) - the administrative court in Düsseldorf). In most cases appeal against the courts decision (Berufung) is possible to the Lands corresponding Higher Administrative Court (Oberverwaltungsgericht [OVG], Verwaltungsgerichtshof [VGH] in Baden-Württemberg, Bavaria and Hesse; Berlin and Bandenburg share one OVG). In some cases appeal against the Higher Administrative Court (Revision) is possible to the Federal Administrative Court (Bundesverwaltungsgericht [BVerfG])- this appeal is also possible in some rare cases if plaintiff and defendant both agree as an appeal to a district court's decision (Sprungrevision).
The German administative courts regularly are described as used to interpreting european law. The European Court of Justice is in high esteem.
Constitutional Court
If no more appeal is possible (Rechtswegerschöpfung) constitutional complaints to the corresponding Constitutional Court of the Land (Verfassungsgericht [VerfG], Landesverfassungsgericht [LVerfG], Verfassungsgerichtshof [VerfGH], Staatsgerichtshof [StGH]) or the Federal Constitutional Court (Bundesverfassungsgericht [BVerfG]) is possible.
The Federal Constitutional Court ruled in 1986 (As-long-as-2-decision)[5]
- As long as the European Communities, and in particular the case-law of the Court of Justice of the Communities, generally guarantee effective protection of fundamental rights against the sovereignty of the Communities, which is to be regarded as essentially equivalent to the protection of fundamental rights which the Basic Law requires as indispensable, especially since the essential content of fundamental rights is generally guaranteed, the Federal Constitutional Court will no longer exercise its jurisdiction over the applicability of secondary Community law, which is used as the legal basis for conduct by German courts and authorities in the sovereign territory of the Federal Republic of Germany, and will therefore no longer review this law against the standard of fundamental rights of the Basic Law; corresponding submissions under Article 100 Section 1 of the Basic Law are therefore inadmissible.
and added in 2019 (Right-to-be-forgotten-2-decision)[6]
- In accordance with the principle of the primacy of Union law, the application of rules which are fully harmonised in Union law is, as a general rule, governed not by the fundamental rights of the Basic Law but solely by the fundamental rights of the Union. This primacy of application is subject, inter alia, to the proviso that the protection of the respective fundamental right by the fundamental rights of the Union that are applied instead is sufficiently effective..
Since data protection law is fully harmonised in Union law, in most cases brought before German Constitutional Courts the Articles 7 and 8 of the Charter of Fundamental Rights of the European Union might be interpreted before the German fundamental right to Informational self-determination (Article 2 Section 1 in conjunction with Article 1 Section 1 of the Basic Law).
- ↑ Hessischer Landtag. Stenographischer Bericht 6/80 p. 4271f 30. September 1970
- ↑ Datenschutzgesetz [HE 1970]. GVBl. HE 1970 S. 625
- ↑ Bundesdatenschutzgesetz. BGBl. I 1977 S. 201
- ↑ Bundesverfassungsgericht. Judgement of the first senate of 15. Dezember 1983 - 1 BvR 209/83, 1 BvR 269/83, 1 BvR 362/83, 1 BvR 420/83, 1 BvR 440/83, 1 BvR 484/83 (in DE) (Abstract in EN) - ECLI:DE:BVerfG:1983:rs19831215.1bvr020983
- ↑ Bundeverfassungsgericht, Second Chamber Ruling, Case 2 BvR 197/83 (in DE), 22. October 1986.
- ↑ Bundesverfassungsgericht, First Chamber Ruling, Case 1 BvR 276/17 (in DE), 6 November 2019. ECLI:DE:BVerfG:2019:rs20191106.1bvr027617