Around 200 data protection officers came together on June 28, 2022 for the first Data Protection Day Hesse & Rhineland-Palatinate to exchange views with experts from the supervisory authorities on topics related to everyday professional practice. The event was held in cooperation with the Data Protection Commissioner of Hesse and the State Commissioner for Data Protection and Freedom of Information of Rhineland-Palatinate in Frankfurt am Main and featured 17 keynotes, expert presentations and panel discussions, some of which took place in parallel.
The “Privacy Framework” announced by EU Commission President Ursula von der Leyen and U.S. President Joe Biden in March, which is intended to enable the transfer of personal data from Europeans to the United States, is very likely to end up before the European Court of Justice. This is the initial assessment of the Hessian Commissioner for Data Protection and Freedom of Information (HBDI), Prof. Dr. Alexander Roßnagel, at the 1st Data Protection Day Hesse & Rhineland-Palatinate. “A decision by the ECJ is, in my opinion, imperative,” the HBDI said in the opening keynote of the conference, which brought together some 200 data protection officers, primarily from public agencies, in Frankfurt am Main today (Tuesday, June 28, 2022). “The U.S. has already presented us with bogus solutions twice.” As a result, Roßnagel does not rule out action by German supervisory authorities under Section 21 of the Federal Data Protection Act against this third attempt at a legally compliant agreement, in addition to a renewed lawsuit by civil rights activist Max Schrems.
Prof. Dr. Dieter Kugelmann, the State Commissioner for Data Protection and Freedom of Information of Rhineland-Palatinate (LfDI Rhineland-Palatinate), addressed a special challenge of official data protection officers on the sidelines of the meeting. “Some time ago, as part of a municipal project, we surveyed the municipalities of Rhineland-Palatinate to find out what the mood was like among the data protection officers there,” Kugelmann said. “One of the findings was that many of them are only expected to coordinate in-house data protection on the side, sometimes with only five percent of their working time. Yet we believe the General Data Protection Regulation requires 25 to 40 percent of working time, depending on the size of the administration.” The variety and complexity of tasks that data protection officers are confronted with today became clear from the scope and diversity of the practical topics that were on the conference agenda: Among other things, they dealt with public relations, for example via social media channels of local authorities, digitalization in administration, and the application of artificial intelligence in authorities and offices.
Against this background, it is not surprising that the Professional Association of Data Protection Officers in Germany (BvD) e.V., which was the organizer of the conference together with the supervisory authorities, emphasized the need for better qualification and recognized certification of data protection officers. “We need a new quality of training,” said BvD board chairman Thomas Spaeing. In addition, he said, in order to be able to provide transparent proof of qualification, the certification of data protection officers is an important goal for the near future. The BvD is already working with partners on a personal certification program according to DIN standards. “Germany is in European competition on the subject of certification, for example with France,” Spaeing said. “We must not allow ourselves to be left behind if we want to set substantive accents here.”
In addition to the total of 17 keynotes, specialist presentations and panel discussions, some of which took place in parallel, the Data Protection Day was characterized above all by the fact that the participants were not only able to exchange information among themselves, but also to approach the experts from the supervisory authorities directly with their questions. This applied both to the conference breaks and to the interactive closing panel “The supervisory authorities answer your questions”. Due to the positive response, a second edition of the Data Protection Day Hesse & Rhineland-Palatinate is planned in 2023.
All information on the first Data Privacy Day Hesse & Rhineland-Palatinate at: www.bvdnet.de/datenschutztag