Regulation of data protection

 

In Germany, data protection is governed by numerous laws and regulations which can be classified into the following categories:

Federal legislation:

- The Federal Data Protection Act

- Federal data protection regulations governing specific areas

State legislation:

- The data protection acts of the states

- State data protection regulations governing specific areas

In determining which law or regulation to apply one needs to start by looking at whether the data are processed by public or private entities.

 

Data protection legislation governing the private sector

The general data protection requirements that have to be met by business enterprises in Germany are laid down in the Federal Data Protection Act. The English versions of the Act can be found on the Federal Data Protection Commissioner's homepage.

The Federal Data Protection Act provides that companies are allowed to process personal data only if

- processing of the data is permitted under a specific legal provision, or if

- the person whose data are to be processed has given his or her consent.

In addition, there are data protection regulations that apply to specific areas and that are contained in special laws. Those special laws take precedence over general legislation. Examples include the German Banking Act and the Money Laundering (Prevention) Act, the Telecommunications Act and the Regulation on the Supervision of the Telecommunications Sector.

 

Data protection legislation governing the public sector

The data protection laws and regulations at state level lay down the legal requirements that must be satisfied for public authorities and other public bodies in a German state to be allowed to process personal data. Like the Federal Act, the North Rhine-Westphalia Data Protection Act provides that a citizen's personal data may be processed only if

- processing of the data is permitted under a specific legal provision, or if

- the citizen whose data are to be processed has given his or her consent.

Apart from the general data protection laws there are special laws at both state and federal level that contain data protection provisions governing specific areas. For instance, the North Rhine-Westphalia Police Act includes special provisions concerning data processing by police services. Public authorities have to observe, with precedence, the data protection provisions laid down in the special laws that apply to them.

Data processing by federal authorities and other federal public bodies is governed by the Federal Data Protection Act. However, at the federal level, too, processing of personal data is increasingly regulated by special legislation. For example, the local Labour Offices which report to the Federal Employment Agency are subject to special regulations such as the 10th Volume of the Code of Social Law.

 

zurück zur Übersicht