Skip to main content

Reshaping the German Federal Data Protection Act.

The German government has recently issued a draft bill regarding the adaption of the current framework of the German Federal Data Protection Act (FDPA) to the General Data Protection Regulation (GDPR) which applies as from 25 May 2018. The draft provides for German supplements where the GDPR left room for national derogations (so-called flexibility clauses).

While the Federal Minister of the Interior Thomas de Maizière praises the draft for being a significant step towards adapting uniform data protection rules in Europe and harmonizing the digital internal market as well as Germany for being the first country in Europe to create legal certainty in this respect, it is being highly criticized by German data protection authorities, just like the previous two draft bills. The Commissioner for Data Protection and Information Security for the State of Baden-Wuerttemberg Stefan Brink finds the draft to be ignoring mutual European data privacy standards and limiting the rights of data subjects. The Federal Commissioner for Data Protection and Information Security Andrea Voßhoff even calls certain aspects of the draft unconstitutional and contrary to European law.

The draft bill already found its way in the cabinet, however prior to becoming a law, the draft will have to be submitted to the Federal Council for its opinion, and subsequently pass the German parliament in which all German states are represented. Considering the criticism of German data protection authorities and taking into account that they report to the parliaments of the German states directly, it would not be surprising if further far-reaching changes were yet to come.

A link to the draft bill can be found here. The draft exists in German language only; an English version has not been published, and we do not expect for a draft to be translated.