Privacy law

Data protection law is that part of the law which deals with the Privacy Policy.

Task of data protection law is to informational self-determination and legally protected secrets - especially the secrecy of telecommunications - and in order to create a balance between the privacy of the individual and the legitimate interests of the public and public and private data processors.

For data protection law in the broadest sense therefore includes all laws, agreements, arrangements and court decisions relating to the protection of privacy, SHapINg the right to informational self-determination or regulate the handling of secrets and personal data.

• 2.1 Germany
• 2.2 Austria
• 2.3 Switzerland

• 5.1 Magazines

Inter-and supra- national data protection law

United Nations

Even the Universal Declaration of Human Rights, proclaimed on 10 December 1948 by the General Assembly of the United Nations, the privacy of the people measure significance. In Article 12 of the Declaration states:

" No one shall be subjected to arbitrary interference with his privacy, his family, his home and his correspondence [ ... ] be suspended. Everyone is entitled to legal protection against such interference or attacks. "

Although the Declaration was not legally binding and is and the duties set out in their rights exclusively declaratory nature, they can still be counted among the pillars of the supra- national data protection law.

In September 2005, the 27th International Conference of Data Protection Commissioner and the protection of privacy, the United Nations called on the rights to privacy ( " privacy" ) and flesh out on data protection as human rights.

Euro Europe

Not least in view of the recently announced UN Declaration of Human Rights also contained the signed in 1950 and 1953 came into force European Convention on Human Rights of the Council of Europe a data protection scheme - although the term was not yet in use at the time. Under Article 8, paragraph 1 of the European Convention on Human Rights " everyone [ ... ] the right to respect for his private and family life, his home and his correspondence". This - rather declarative and programmatic to understand - set is still valid today; in Germany it is equal in rank to a federal law.

After the electronic data processing and hence the Privacy Policy in the 1970s became more and more important, the Euro Europe prepared a separate convention on data protection, which was agreed in 1981 as the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data. The European Data Protection Convention, as the Convention was colloquially called, entered into force in 1985. By convention, the countries that joined her to observe certain elementary data protection principles in the automated data processing and enforce them in their own territory and against third parties undertake.

OECD

The Organization for Economic Cooperation and Development (OECD) in 1980 formulated guidelines for the Protection of Privacy and Trans -border flows of personal data. The guidelines are designed to facilitate cross -border data exchange. However, they are only non-binding recommendations and can now apply overtaken as the content. Practical significance do not have the OECD recommendations.

European Union

The data protection laws of the European Union by the year 2000 primarily under the idea of ​​creating and strengthening the common European internal market. Different national data protection laws are regarded as potential trade barriers. Privacy has been recognized as a fundamental right was not until the adoption of the Charter of Fundamental Rights of the European Union.

Charter of Fundamental Rights

In 2000, the Heads of State and Government of the EU Member States proclaimed the Charter of Fundamental Rights of the European Union. Article 7 of the Charter guarantees every person " the right to respect for his private and family life, home and communications ". Article 8 of the Charter statuiert beyond a right to protection of personal data. Data protection was thus explicitly recognized at the European Union level as a fundamental right. The Treaty of Lisbon, the Charter of Fundamental Rights of the EU and its Member States legally binding.

Article 16, paragraph 1 of the Treaty on the Functioning of the European Union stipulates that every person has the right to protection of personal data concerning him.

Guidelines

The Council of the European Union and the European Parliament adopted Directive 95/46/EC therefore 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data ( Data Protection Directive), which was to harmonize the level of data protection within the European Economic Area. The German federal legislature had it with the implementation of this Directive in no particular hurry. Was only in 2001, six years after the entry into force of the Data Protection Directive, the German Federal Data Protection Act was adapted to the requirements of Directive

The Data Protection Directive was amended by Directive 97/66/EC concerning the processing of personal data and the protection of privacy in the telecommunications sector ( telecommunications data protection Directive ) 1997. The ISDN Directive, such as Directive 97/66/EC was colloquially called, was fated not last long. The tumult of technical developments in telecommunications, in particular the proliferation of mobile phones and Internet access, as well as the growth in e -mail communication required soon a complete revision of the Directive.

Therefore, the European Parliament and the Council adopted in 2002 the Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector, which replaced the Telecommunications Data Protection Directive.

Not for the data protection law in the proper sense belongs to the 2006 which came into force Directive 2006/24/EC on the retention of data. This Directive obliges EU Member States, data which are generated or processed in connection with the provision of publicly available electronic communications services to allow store to stock. It can therefore be seen more as a data-processing law.

Other acts

In 2000, the Regulation ( EC) No 45/2001 was adopted. It governs the privacy in the processing of personal data by the Community institutions and bodies of the European Union.

The Framework Decision 2008/977/JHA of 2008 relates to the protection of personal data processed in the framework of police and judicial cooperation in criminal matters. He had to be implemented by November 27, 2010 in national law.

As part of a general data protection reform a Data Protection Regulation should be adopted, which will replace the Data Protection Directive of 1995.

Has practical significance for the agreed between the European Union and the United States of America Safe Harbor Agreement. It allows the transfer of personal data from the EU territory in the U.S., provided that the data receiver meets certain criteria for data protection. This possibility make including Microsoft and Amazon.de use.

National Data Protection Law

Germany

The German data protection law is largely determined by the Census judgment of the Federal Constitutional Court in 1983. The first recognized in the census decision fundamental right to informational self-determination and the detailed specifications which imposed the legislature with respect to the limitations of this fundamental right, the Federal Constitutional Court, have been reflected in all legal data protection regulations.

The Basic Law for the Federal Republic of Germany of 1949 ( GG) contains the fundamental right to privacy of correspondence, posts and telecommunications secrecy important data protection regulations. However, it does not make any statements on legislative competence, ie the question whether responsible for the data protection legislation of the Federation or the Länder. Therefore lack of competence allocation is basically the countries the legislative competence (Art. 70 para 1 of the Basic Law ). The Federal Constitutional Court has held that the federal government always has competence to adopt privacy policies, when it is " one assigned to him to legislate matter judiciously can not govern without the data protection regulations will be along" This is therefore a case of so-called legislative competence of factual connection.

Laws that expressly regulate the protection of personal data in the data processing were only adopted in the 1970s. The state of Hesse adopted in 1970, the first data protection law in the world.

The most famous German rules on data protection, the Federal Privacy Act, which entered into force in 1978. It applies to federal agencies and the private sector. The sixteen German federal states have their own state data protection laws that apply to the appropriate local authorities and municipalities.

Both the Federal Data Protection Act as well as the country's data protection laws apply only in so far as there is no more specific data protection law for the specific facts. For example, need to consider the specific data protection provisions of the Telemedia Act on the processing of personal data of their customers Internet providers. If the Internet provider on the other hand handle personal data of its own employees, is valid - because in Germany no employee data protection law exists - the general Federal Data Protection Act. ( See also: Privacy for employees. ) For postal operators, postal services data protection regulation applies.

Considerable practical importance have the rights enshrined in the social laws provisions protecting the social mystery. In addition to the general rules for social data protection, which are laid down in the second chapter of the Tenth Book of the Social Code (SGB X), there are detailed data protection measures in all other books of the Social Security Code.

For the public- service broadcasters (5 GG Art ) apply to both the substantive law as well as the control due to their distance from the state special rules. Due to the distance from the state and the constitutionally prescribed warranty and organize the public service broadcasting radio stations can not be controlled by a "state" data protection officer, but must be ordered in the way the institution -autonomous control of their own data protection officer. He is the controlling body for the purposes of article 28, paragraph 1 Data Protection Directive 95/46/EC of 24 October 1995.

2008, the Federal Constitutional Court developed the fundamental right to ensure the confidentiality and integrity of information technology systems. This fundamental right is used primarily for the protection of personal data stored and processed in information systems. This right is not specifically mentioned in the Basic Law. It was formulated as a particular expression of the general personality right by the Federal Constitutional Court.

The planned 2009 Data Protection Audit Act was not passed by the Bundestag.

In February 2010, the Genetic Diagnostics Act came into force. This regulates the use of genetic data.

Austria

The core data protection law in Austria is regulated by the Data Protection Act 2000. This Act implements the EU Data Protection Directive. The legislative history of the 2000 Act is similar to those in the rest of the EU. Initially planned by the legislator, to confine itself to a revision of the old data protection law. But then it has been recognized by the EU Data Protection Directive brings a variety of new features, so that a simple amendment can not conform to policy. Thus was necessary a new law. § 1Vorlage: § / Maintenance / RIS Find Data Protection Act 2000 guarantees a fundamental right to privacy. Factually the confidentiality of personal information is protected, as far as a legitimate interest, in particular with regard to Article 8 of the ECHR. Therefore, the basic law is seen as a complement of Article 8 ECHR. Personally, natural and legal persons to be protected. The fundamental right is not unlimited. Interventions can be justified by the consent of the person concerned or an overriding interest in the data processing. The core of the Austrian data protection law is the principle of the prohibition with the permission of title. The results from § 7Vorlage: § / Maintenance / RIS Search Section 1 Data Protection Act 2000 in conjunction with § 8Vorlage: § / Maintenance / RIS search 9Vorlage §: § / Maintenance / RIS search DSG 2000 After this data processing is generally unlawful, unless it intervenes justification..

But the Austrian general civil law of privacy is anchored. In the Austrian civil law, the right to privacy is of great value. § 16Vorlage: § / Maintenance / RIS is part of the Civil Code Search Urbestand of modern Austrian private law. This general clause is a gateway for the civil right protection of the privacy and thus also of data protection.

Switzerland

In Switzerland, the data processing in Confederation and the cantons is regulated. When data is processed by federal or private, so basically does the Data Protection Act the federal government to use. Edit cantonal authorities, however, personal data, then the data protection law is governed by the cantonal regulations.

Due to the federal structure of Switzerland and the constitutional division of powers between the Confederation and the cantons are in the Canton area of ​​data protection autonomous and are not subject to overall control of the federal government. Thus, there is in Switzerland 27 privacy laws and as many data protection authorities.

Canon Law

Within the Roman Catholic Church from the 13th century with the confessional a widely recognized and respected by the state data protection rule. However, the seal of confession only obliged the chaplain. In 1983 was included in the Code of Canon Law for the prohibition to violate " right of any person to protect their own privacy ." This rule applies to all members of the Catholic faith.

In addition to these general rules formulated exists with the arrangement on the Church Notice a detailed rules and regulations for all Roman Catholic institutions in Germany. The arrangement is similar in content to the Federal Data Protection Act.

For institutions of the Evangelical Church of the Data Protection Act of the Evangelical Church in Germany applies. Like the arrangement on the church Privacy also includes the EKD Data Protection Act parallels to the German Federal Data Protection Act.

Criticism of the data protection law

The data protection law may meet only imperfectly its purpose today. It is based in its basic structures on the data protection strategy for the 1970s, which in turn is based on the electronic data processing at that time. This was through the central data storage on mainframe computers, limited storage capacity and a relatively small circle of - in data processors - mostly state.

The technical development of the past 30 years has taken into account the State Data Protection law only in part and with considerable delay. Technical innovations that might affect privacy - for example, Internet, video surveillance, biometrics, RFID - are not legally or insufficiently regulated. Not even many law amendments have been able to change anything.

In addition, in particular applies the German data protection law as " over-regulated, fragmented, confusing and contradictory" (Alexander Rossnagel ). Today, even the experts can not overlook in their entirety, the data protection law. There is also a " massive lack of enforcement of data protection " (Johann Bizer ): violations of data protection rules usually have no consequences because the persons concerned by an abusive data processing usually have no knowledge and the national data protection authorities do not have the necessary human resources to the to control data processors effectively.