Personal data is processed around the clock – at work, when buying goods, when contacting authorities, in the healthcare sector or when traveling and surfing the Internet. Yet many people are unaware of the risks associated with their data, let alone their rights. The BMBF-funders Forum Privatheit is an interdisciplinary research association that has been researching data protection for years and providing well-founded information to citizens on this topic. In an interview, Prof. Dr. Alexander Roßnagel, spokesman for the “Forum Privatheit”, on how Europe can use data protection as an opportunity.
Professor Roßnagel, recently a lot of people had to deal with the topic of data protection: The widely used messenger service Whatsapp wanted to adjust its data protection rules on February 8th and oblige users to agree to them if they want to continue using the service. Due to public pressure, the data protection change was postponed to mid-May in order to initially inform those affected more precisely about the scope of the changes. What aspects of this current case are particularly interesting for you as an expert in data protection law?
For a free service on the Internet, you usually pay with your data. The data protection rules allow the provider to use them indefinitely in terms of time and content. Whatsapp wanted to pass the data on to the parent company Facebook, which combines them into personality profiles, uses them for individualized advertising, makes them available to others and exploits them for other profit interests.
How can we design technology – such as a messenger service – in accordance with data protection right from the start?
The service must be able to refinance. However, it should do this in a way that allows users to use it independently. For this it is important that users can choose between alternatives. Examples of such alternatives are: Payment with money or with data, with individualized, general or no advertising, with narrow purpose limitation and data deletion or with a wide range of uses. The most data protection-friendly variant must be preset and all data protection requirements implemented in the technology. In professional circles, we speak of privacy by default and privacy by design.
For many, however, data protection is still seen as a nuisance at the moment. Why is that? What can you do about it?
Many use “data protection” for other interests than the protection of fundamental rights. Its bureaucratisation often serves the purpose of secrecy or profit interests. Many companies hide their intentions behind cumbersome data protection declarations, which indirectly force you to accept unfair conditions. On the other hand, one must emphasize the objective of data protection – self-determination of the individual – and explain the context.
In your opinion, is the European General Data Protection Regulation a step forward for data protection?
By and large, yes. Above all, it expresses the values that the member states of the EU have agreed on on their way to the digital society: human dignity, protection of privacy and democracy. It thus shows a third way – between digital control with Chinese characteristics and California digital capitalism.
Germany and Europe have a certain lead in data protection. How can we maintain and use this lead?
For the European path of digitization, we need a certain technological sovereignty that enables technology development that promotes fundamental rights and is oriented towards the common good. The EU thus acts as a role model worldwide. Many other countries want to go this way together with us and are aligning their data protection laws with the GDPR. The EU must expand this path and show that it is enforcing its requirements against global providers.
In your opinion, what needs to be done so that data protection “made in Europe” can become a real innovation driver and quality feature?
Technologies from the EU should stand for “built-in” data protection and should therefore be attractive on the world market because other countries are looking for comparable solutions. Other economies can also be helped to develop products and services that can be offered on the EU market.
The GDPR stipulates that people must actively consent to the processing of their personal data. How do you rate this instrument of consent? Doesn’t it make widespread use of data possible?
Actually, the consent corresponds to informational self-determination. But it cannot lead to this if there is a glaring power imbalance between the parties. It is particularly unsuitable for the use of digital infrastructures – i.e. search services or social networks, for example – because their terms of use are fixed. Laws must ensure their fairness.
An important aspect of the work of the “Forum Privatheit” research association is an understanding of technology that aims to include ethical, social and legal requirements at an early stage. What does that mean and why is it so important?
Technical systems are socio-technical systems. Understanding how they affect people and society requires interdisciplinary cooperation between technology, economics, social sciences, humanities and law. If risks are to be avoided and opportunities are to be used, proposals for designing these technology systems that are compatible with the common good must be drawn up and incorporated at an early stage before a fait accompli arise.
Finally, a personal question: How do you feel about data protection when you use digital technology?
I use digital technologies when I live better with them than without them. Therefore, I do not use a social network. If there are suitable alternatives – such as video conferences, messenger services or search engines – or if I can design the technology – for example using cookies and settings – I will choose the most privacy-friendly solution. If there are no relevant alternatives – such as in the case of smartphone operating systems – “I’ll bite the bullet”.
Prof. Dr. Alexander Roßnagel is senior professor for public law, engineering law and environmental protection at the University of Kassel. There he heads the project group constitutionally compatible technology design (provet) and is director of the Scientific Center for Information Technology Design (ITeG). He is also the spokesman for the interdisciplinary research association “Forum Privatheit”, which is funded by the Federal Ministry of Education and Research. From March 2021, Prof. Dr. Roßnagel is also the Office of the Commissioner for Data Protection and Freedom of Information for the State of Hesse.
–
–
In the Privacy Forum, experts from seven scientific institutions deal with issues relating to the protection of privacy in an interdisciplinary, critical and independent manner. The project is coordinated by Fraunhofer ISI. Further partners are Fraunhofer SIT, the University of Duisburg-Essen, the Scientific Center for Information Technology Design (ITeG) at the University of Kassel, the Eberhard Karls University of Tübingen, the Ludwig Maximilians University of Munich and the Independent State Center for Data Protection Schleswig-Holstein. The Federal Ministry of Education and Research (BMBF) promotes the Forum Privatheit in order to stimulate public discourse on the topics of privacy and data protection.
–
–
–
