I have started writing for CMSwire in English again. This is the original draft of my summary of our German GDPR discussion. The CMSwire article can be found here.
Recently, a data glitch at Amazon caused other users’ personal data to be sent, “out of human error”, to a German user who had requested his own personal data from Amazon in accordance with the General Data Protection Regulation (GDPR). Amazon’s apology cites human error and calls this an isolated case. But some voices in German politics are already using the incident to question the GDPR in general: how are small enterprises supposed to provide information about the data they hold if even a giant like Amazon fails at it?
To me, such statements imply more or less clearly that enterprises are overburdened by the General Data Protection Regulation. The only thing left unsaid is the sentence that the regulations must be loosened or lifted. Meanwhile, Dorothee Baer, the Federal Government Commissioner for Digitisation, is already openly calling for this in another context. At the end of the year, she once again publicly beat the drum and demanded a relaxation of the data protection laws in the health care system so that the electronic patient file can be implemented by the end of 2021 at the latest.
GDPR and beyond: Relaxation of the data protection laws needed?
In her view, Germany has one of the strictest data protection laws in the world and the highest requirements for the protection of privacy. … That would block many developments in the healthcare sector, so we would have to disarm here and there, delete some rules and loosen others. Doro Baer does not see it that way only in the healthcare sector. More and more stakeholders are calling for laws to be relaxed so that Germany can remain competitive.
Others compare the threat of hacker attacks and data leaks with the GDPR. The comparison is flawed. Both aspects are extremely relevant: on the one hand, the protection and control of the personal data of customers and citizens, which the Americans correctly call data privacy; on the other, protection against hackers, hacker attacks or even errors in the company’s own IT department. The empire strikes back with every possible and impossible argument to fight tougher data protection regulations.
Tim Cook: “I am a big fan of GDPR”
Data protection advocates naturally see it differently. And they are even getting help from unexpected sources. Tim Cook, CEO of Apple, for example, said on 22 October in Berlin: “I am a big fan of GDPR. However, it does not yet represent everything that must be done”. Also remarkable is the statement by researchers at the University of Oxford, in cooperation with the “Reuters Institute for the Study of Journalism”, in their study that the European Union, with its new General Data Protection Regulation, is taking the “strictest and most farsighted” approach to data protection.
Data protection does not have to be a “show stopper”. It can even become a competitive advantage for Germany (and Europe) as a business location, if the use of data and artificial intelligence is cleverly combined with data protection and data security. There are certainly things that can and must be improved in the implementation and design of the General Data Protection Regulation (GDPR). Even if the GDPR has overshot the mark here and there, which, by the way, I have not noticed so far, it has fuelled the discussion and perhaps also raised awareness. And that is a good thing. It also offers opportunities, which, as already mentioned, is being noticed in Silicon Valley as well.
“Data Protection Taliban” and dangerous “Data Krakens”
That is also what Ulrich Kelber, the new German Data Protection Officer, wants: he aims to help the GDPR gain a more positive perception. The General Data Protection Regulation should be further improved. That will work neither by demanding purely neoliberal and positivistic data pools on the one hand, nor with the pure refusal and prevention strategy of a “Data Protection Taliban” on the other. And the argument about the use of our data by the well-known and lesser-known data krakens is, by the way, not a diffuse fear that something we do not want will happen to our data. In view of Cambridge Analytica, the most recent New York Times reports on how Facebook deals with data, and many other incidents, it is an urgent task of clarification and rule-setting on the net.
There is room for manoeuvre: potential penalties should be imposed with a sense of proportion, and deadlines could also be extended. However, there should be no question that basic data protection is a fundamental right of every citizen. There should be no question that I can find out what companies do with my data and can obtain this information promptly. And it is only logical that citizens can insist on their data being deleted.
Enterprises didn’t really take care of Data Privacy
Enterprises, the big companies in particular, have neglected data protection for years because there were no laws comparable to what the GDPR now sets out. Excel tables on the hard disk of every salesman, databases and data pots, uncontrolled and scattered across different IT systems: that is the reality. Now the outdated IT and data collection systems must be repaired, with a sense of proportion and within an appropriate time frame. But let’s not row back again, let’s not tuck in the data protection tail too early and carelessly. Some companies would like that very much. The handling of data will shape the coming years. That is why stakes should now be driven in where necessary! The GDPR is more chance and opportunity than risk. If necessary, adjust course slightly, but keep the direction!