Friday, August 22, 2008

Stricter privacy laws - Germany

This is the latest press release (courtesy of DataGuidance News) regarding recent developments about privacy laws in Germany:

Minister of Justice calls for stricter privacy laws after data trade scandal

The German Minister of Justice, Birgitte Zypries, has called for stricter privacy laws following the recent data trade scandal, which unveiled that German citizens’ personal data are easy to find for sale on the internet.

The Ministry of Justice, who has responsibility in Germany for most consumer issues, proposed that companies should only be able to transfer consumer’s data to other companies with the prior consent of the data subjects involved. “At the moment, it is legal for companies to transfer certainkinds of data, such as names, age and addresses of customers, to other companies for marketing analysis purposes”, a Ministry of Justice spokesperson said to DataGuidance on 20 August 2008. “This provision does not apply to bank account information, and customers have the possibility to opt-out from their data being shared at any time”.

The Ministry of Justice also suggested that controllers should have an obligation to notify a data breach to the subjects involved and that companies should be forced to return any profits made with the illegal collection and processing of data.

The Ministry of Justice spokesperson clarified that Mrs Zypries made the recommendations “as a politician and as a member of the Social Democratic Party, and not in her formal position as the Minister of Justice”.

“Having responsibility for consumers’ rights, the Minister of Justice felt that German consumers expected her to express an opinion on the data trade scandal”, the spokesman explained to DataGuidance. “It is then up to the Ministry of Interior to take the recommendations on board and take any steps necessary to amend the law”.

In August 2008, an employee of a call centre engaged in fraudulent activities delivered a disc containing the names, contact information and bank account details of 17,000 German citizens to the Schleswig-Holstein consumer agency. The call centre would have used the information on the disc to contact the subjects involved and ask them to confirm their banking details in order to withdraw money from their accounts.

After the incident, the Federation of German Consumer Organisations (VZBV) appointed a journalist to conduct an undercover research on the trade of personal data. “We instructed a journalist to find out how easy it would be to buy German citizens’ personal data on the internet”, a VZBV spokesperson explained to DataGuidance on 20 August 2008. “Within hours, our investigator was offered a database containing the personal data of 6 million people and the bank details of 4 million people for EU 850”.

VZBV are still investigating the sources of the illegally sold data. “We have no confirmation yet as to who made the data available for sale on the internet”, said the VZBZ spokesperson, “however we are aware of the involvement of lottery companies that unlawfully collect personal data”.

Dr. Jochen Lehmann, Partner at German law firm Görg, said: ”While data protection has only been the subject of discussions among experts in Germany, it is now all over the headlines. This suggests that the debate over the unlawful collection and use of data will not simply fade away this time, and the involvement of the Minister of Justice is certainly a strong sign. Should the Minister’s recommendations be put into practice even partially, the data protection landscape in Germany will be considerably affected.”

No comments: