Ulrich Kelber (SPD) rarely shies away from criticising his own government in his role as Commissioner for Data Protection and Freedom of Information (BfDI). During the presentation of his annual reports, he pointed out hasty procedures where data protection is at risk. EURACTIV Germany reports.
At the presentation of his activity reports on Wednesday (17 June), Kelber complained that too little attention is paid to data protection and freedom of information in government agencies and legislative procedures.
He particularly emphasised that the Ministry of Health had not always taken the time to debate all the necessary issues in its many draft laws and had occasionally involved it “too late.” He cited as examples the Digital Healthcare Act, the Implant Register Establishment Act, and the Measles Protection Act.
In some cases, there were even violations of the rules of internal procedure, and this also happened in other ministries.
“Particularly with sensitive issues such as health, it is difficult when the data protection authorities are asked for their opinions at a very late stage,” said Kelber.
More time should be taken in the legislative process, and “the timing of the next coalition committee” was not a “technical reason” for a shortened legislation timetable.
Call for independent monitoring review
He was particularly critical of security legislation, which will probably again be in the focus in 2020, and said the trend of planned major interventions in civil rights will continue. What is missing is a constant review of the existing competencies of the authorities.
In concrete terms, Kelber called for a “comprehensive monitoring account,“ as the Federal Constitutional Court discussed in 2010. It provides that the data protection risks of new laws are not examined in a vacuum, but instead in interaction with existing laws and instruments.
“Such an analysis does not exist to this day. This is one of the reasons why I take an extremely critical view of the constant accumulation of safety authority intervention options,” said Kelber.
He again called for a moratorium on new security legislation until there is an “independent, scientific study of existing security laws.”
Transparency instead of just freedom of information
Another of Kelber’s demands concerns freedom of information, which is his second field of competence alongside data protection. The existing Freedom of Information Act gives too much leeway and a transparency law is needed to make it easier for citizens to access public information.
Some authorities did not respond to anonymous or pseudonymous requests for information and requested the data of the applicants, although it was not necessary to fulfil the request. In other cases, answers to these questions may not be published, resulting in many identical questions.
Kelber’s own authority tries to “lead by example” and publishes such responses and other internal documents. A transparency law should force all authorities to do just that.
Supervision of the ‘Corona-Warn-App’
Currently, the biggest topic in Kelber’s area of expertise is the Corona-Warn-App, whose development he accompanied as a consultant.
It has a “good data protection architecture.” However, here too, his time as an involved party was limited, it was “not easy to do the consultation in seven weeks.”
With Tuesday’s release of the app, Kelber will now be in charge of its supervision. For example, he will check whether it fulfils its purpose, because according to the General Data Protection Regulation (GDPR), the processing of data is only legitimate if it fulfils its purpose.
Kelber does not see the risk of discrimination through the app.
If landlords or employers demand that the app be shown, they are already in violation of the GDPR. This would represent an insight into personal health data that is not justified, because an infection cannot be conclusively determined or excluded from the app data. Hence his appeal: “Better not try it.”
[Edited by Zoran Radosavljevic]