Conflicting views and long-awaited personal conversations marked BvD fall conference and Authorities Day in Munich
It was a nail-biter until the very end. First, the hotel booked in Nuremberg for the BvD autumn conference had become too small because the demand for a conference on-site far exceeded the BvD’s expectations. The alternative location in the east of Munich was soon found. Then, however, the incidence rates rose again. But with it worked out after all. On site, 175 data protection officers met, online more than 300 joined and followed the presentations on the 5th edition of “Economy meets Supervisory Authorities” as well as the Authorities Day. Both events focused on the “Challenges of the Modern World of Work.”
Conflicting views quickly emerged. “You can’t praise the successes of the GDPR without addressing the grievances,” said Federal Data Protection Commissioner Ulrich Kelber in his video-broadcast speech from Bonn. By that, he meant the differing interpretations, controls and processing speed in EU member states. “Ireland is the bottleneck of data protection,” Kelber affirmed. The country, he said, is making compromises with Facebook, for example, that are damaging the reputation and acceptance of the GDPR. “We have to show these U.S. data leeches boundaries,” Kelber said.
At the same time, he opened a path in the second major DSGVO conflict line, data transfer with the US. Following the Japanese model of “data free flow with trust,” the EU could try to conclude a corresponding agreement with the U.S. – and work toward a level of data protection that is as similar as possible. To this end, he said, the talks during Germany’s G7 presidency next year would also be important.
Conflict line employee data protection
But in Germany, too, the lines of conflict surrounding data protection regularly come to light. One example is the question of how data protection can be guaranteed in the world of work, the main topic of the conference. BvD Chairman Thomas Spaeing warned against the “transparent employee. In his welcoming address, he stressed that employees should not suffer any disadvantages as a result of digitization.
According to Dr. Stefan Brink, State Commissioner for Data Protection and Freedom of Information in Baden-Württemberg, there is growing resentment among the population about inadequately implemented data protection. In the meantime, the mark of 10,000 submissions about inadequate data protection per year has been exceeded, half of which come from citizens, “and there are more and more complaints about the public sector,” Brink said.
But reports of data breaches are also on the rise, according to him. All the more reason for him to offer advice to responsible parties. “We don’t do this to promote business,” Brink said, responding to a common counterargument. Rather, he said, it’s an effective way to provide education. “Every advisory saves us a lot of complaints,” he said.
“DPOs have to be uncomfortable.”
Dr. Stefan Brink described law professor Niko Härting from Berlin as one who does not shy away from controversy. He spoke about data protection as a bulwark against an encroaching and unlawfully behaving state. Data protection officers are defenders of freedom and must not look the other way, he demanded. “DPOs have to be uncomfortable.”
Today, he said, data protection is seen more as an instrument of consumer protection and compliance. “Many of us earn our money with compliance,” Härting said. But that, he said, is the world of bureaucracy. “We must not get comfortable in the comfort zone of compliance,” he warned. Rather, DPOs must participate in social discourse, he said. “This also applies when data is processed for a good purpose. The end does not justify the means,” Härting said.
Professor Uwe Kanning, a business psychologist from Osnabrück University of Applied Sciences, highlighted the problems of using AI to select applicants – and thus came to a different legal assessment than lawyer Nina Diercks, who spoke on the same topic. And the discussion panel on the perennial topic of employee data protection also showed the controversy of the debate: Peter Wedde, professor of labor law and information society law at the Frankfurt University of Applied Sciences, and co-host Dr. Stefan Brink said “yes,” while Roland Wolf, head of the labor law department at the Federation of German Employers’ Associations (BDA), is convinced: “More regulation does harm.”
Secret focus: meeting people
The fact that controversy also means mutual exchange and togetherness was experienced as something very special by the participants in Munich after the Corona isolation. Stefan Brinck was already raving at the start about the “great view” he had of the attendees from the podium. And Michael Will, President of the Bavarian State Office for Data Protection Supervision, also saw mostly “happy faces.”
“Networking again att last, meeting people, having fun together – that’s been missing for a long time,” said Felix Machenfuss of OneTrust, one of the eight event partners, who got to talk to the participants at their booths in front of the plenum.
And so it is to be hoped that the next events can again take place in full force and presence. After all, the fall conference clearly showed how important communication and personal exchange are to data protection officers.