The 2018 coalition agreement – data protection: Harmonisation, digitalisation and innovation
What legislative changes does the coalition agreement call for?
The major data protection reforms are currently underway at European level. The General Data Protection Regulation (GDPR) will take effect on 25 May 2018, and the legislative procedure of the so-called ePrivacy Directive is also nearing completion. The German Federal Government would like to use the remaining scope to balance citizens’ interests in the confidentiality and security of their data with the interest of a digital and innovative economy in the marketability and usability of this data.
Among other things, there are plans to look into the possibility of creating a separate law on employee data protection. Moreover, a contact person for data protection issues is to be designated who will ensure decisions that are binding for all of Germany and, in so doing, create legal certainty for digital business models. A modernisation of the Passenger Transportation Act is also being planned in order to allow for digital mobility options. A legal framework is to be created for autonomous driving which guarantees safety, data protection and data security.
What consequences will this have on companies?
The development of comprehensive legal provisions on employee data protection is a perennial issue in German politics; corresponding legislative proposals have already failed twice. There is no doubt that something needs to be done; the current, rather rudimentary, provision in the Federal Data Protection Act, which was hastily adopted as a stopgap in 2009 amidst a “data protection scandal” and has been in place ever since, is generally - and rightly - regarded as unsuccessful. The issues specifically addressed in the coalition agreement, namely the handling of privately used company technology and the protection of privacy rights of employees in connection with digital working processes such as the e-file, are certainly in need of regulation as well. However, it remains to be seen whether the grand coalition can find the strength, this time, to successfully conclude a legislative procedure on employee data protection in spite of all the conflicting views and interests.
What is interesting is the promise to create – in order to promote digital, innovative business models – a data protection contact for companies who will provide assistance in obtaining data protection-related “decisions that apply in all of Germany”. The fragmentation of data protection supervision in Germany, which stems from the fact that such supervision falls under the competence of the federal states, constitutes a significant problem and competitive disadvantage at an international level – and not just for small and newly established companies. Unfortunately, the coalition agreement says nothing about how such a plan could actually be implemented in view of Germany’s federal structure and the independence of the data protection supervisory authorities ensured under European law.
Also with respect to the topic of autonomous driving, which is particularly important for the German automotive industry, the coalition agreement merely announces that legal provisions will be enacted without revealing how the major conflicts, for example, concerning the right to use the generated data or liability issues will be resolved. It also remains to be seen whether business models such as UBER – which have so far hardly been able to flourish in Germany due to the restrictive legal situation – could also profit from the desired “digitalisation” of the Passenger Transportation Act.