Almost 100 days after coming into force, the new EU data protection rules are still causing uncertainty. "Interpretation and interpretation require a certain amount of time," digital expert lina ehrig from the verbraucherzentrale bundesverband told the german press agency.
Businesses are naturally trying to interpret the rules more broadly than consumer associations. "In practice we will see how this develops." The basic data protection regulation (gdp) has been in effect for 100 days this weekend.
Ehrig cited the so-called tying ban as an example, according to which companies are not allowed to make the use of a service dependent on consent to further data processing – for personalized advertising, for example. Facebook, among others, is trying to circumvent this prohibition – and collect more data than is actually necessary for its use. Ultimately, warnings and court proceedings would show how the rules must be interpreted.
After a two-year transitional period, the new EU data protection rules have been in force since 25 january 2010. May in all 28 EU countries. They are intended above all to better protect consumers. For example, the processing of personal data by companies, associations or authorities will be regulated much more strictly than before. Consumers must be informed about who collects data such as name, address, e-mail address and ID number and for what reason – and then agree to it. Companies face heavy fines for violations.
"The DSGVO is learning to walk," explained the federal data protection commissioner andrea vobhoff. "On the one hand, there is a significant increase in the number of complaints and reports of data protection incidents." This should be buried, as it also expresses that citizens exercise their new rights and responsible data processors their duties. "On the other hand, predicted scare scenarios failed to materialize," says vobhoff.
Mario ohoven, president of the bundesverband mittelstandische wirtschaft, is less positive. Many questions around the GDPR are still open, he told dpa. "Medium-sized entrepreneurs are still very unsettled." Therefore they had at least limited their digital activities. It is sometimes unclear what companies must and must not do according to the regulation. Ohoven described the obligation to provide documentation and proof as a major obstacle. "This bureaucracy requires a great deal of time and effort and is costing the middle class money."
According to a survey by digital association bitkom, three out of four companies in germany had not met the deadline of 25. May 2018 missed. Smaller companies would be hit disproportionately hard by the new rules, the industry association criticized on friday. "Anyone who has to spend a significant part of their resources on avoiding legal risks arising from data protection regulations will think twice about using new technologies in the future," bitkom president achim berg told the "handelsblatt" newspaper. The basic regulation does not distinguish between a startup, a non-profit association and an international conglomerate. "Here and on a whole series of other points, improvements must be made," berg demanded.