• Nenhum resultado encontrado

Data Governance in Germany –

N/A
N/A
Info
Descarregar agora
Protected

Academic year: 2023

Share "Data Governance in Germany – "

Copied!
48
0
0

Carregando.... (Ver texto completo agora)

Descarregar agora ( 48 páginas )

Texto

The aim of the report is to provide a reference point and highlight the system and roots of data management in Germany. The report was compiled as part of the creation of the "Data Governance Playbook" on behalf of the Mozilla Foundation. This report expands on the "Data Governance Playbook" when it comes to providing an overview of the data governance system in Germany and details the individual mechanisms, instruments and approaches - it is an expanded version of the overview found in the "Playbook".

However, readers of the "Playbook" can find more information and details about data management instru‐ ‐ ‐‐.

Legal Framework

Constitutional Framework

  • National Level
  • European Level

While the fundamental rights enshrined in the Basic Law provide protection against actions of the State (Abwehrfunktion), they also require a proactive duty to protect (Schutzpflicht des Staates). This duty means that the state must introduce protective measures against violations of fundamental rights by private entities. At the European level, the Charter of Fundamental Rights of the European Union (CFR) contains a right to protection of personal data.

Pursuant to Article 8, paragraph 1, of the CFR everyone has the right to the protection of personal data concerning them.

Relevant Laws and Regulations

  • Data Protection Law
  • The Act on Copyright and Related Rights
  • The Act on the Protection of Trade Secrets
  • The Civil Code
  • The Data Governance Act
  • The Data Act
  • The Data Use Act
  • The Artificial Intelligence Act
  • The Digital Services Act
  • The Digital Markets Act

In addition, the European Convention on Human Rights (ECHR), which applies to all member states of the Council of Europe, contains in Article 8 ECHR an equivalent of Article 7 CFR which recognizes that it also includes a right to the protection of personal data includes. Since 1995, with the European Data Protection Directive9, data protection law in Germany has been shaped by a European framework that defines the foundations of data protection law in all Member States of the European Communities/Union. It should also be borne in mind that the purpose of data protection law is to protect the individual's right to informational self-determination; data protection is only one means to this end.

9 Directive 95/46/EC of the European Parliament and of the Council of October 24, 1995 on the Protection of the Individual. 10 Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 for the protection of natural persons with regard to the processing of personal data and for the free movement of such data, and the repeal of Directive 95/46/ EC. 12 Directive 2002/58/EC of the European Parliament and of the Council of July 12, 2002 regarding the processing of.

14 Directive (EU of the European Parliament and of the Council of 11 December 2018 on the introduction of the European Electronic Communications Code. The German Civil Code (Bürgerliches Gesetzbuch, BGB) is the central codification of German general private law, which it constitutes in combination with One of the central principles are that the respective data sets must be relevant, representative, error-free and complete.38.

36 Proposal for a regulation of the European Parliament and of the Council establishing harmonized rules on artificial. Gatekeepers are providers of core platform services that provide any of the services listed in Section 2(2) DMA.

Data Governance: An Overview of Approaches, Mechanisms and Instruments

Data Sovereignty

  • Personal Data Sovereignty
  • Use of eID for Identification and Age Verification
  • Data as Compensation
  • Ownership of Personal Data?
  • Absolute (or Close to Absolute) Rights to Non‐Personal Data?
  • Data Possession
  • Data Portability and Interoperability
  • Voluntary Provision and Sharing of Data

Ensuring this personal data sovereignty is the primary objective of the right to protection of personal data, the right to informational self-determination and data protection legislation. When the eID card is used for identification and authentication, the personal data is transferred directly to the system of the entity asking for identification. At the same time, it must be kept in mind that the legality of data processing in terms of data protection legislation does not affect the effectiveness of the contract.

Criticism of the legal concept of unreasonableness has already been expressed in the legislative process. The right to informational self-determination entails the individual's authority to determine the disclosure and use of his personal data. The idea of ​​data ownership (with regard to personal data) thus envisages a right of the individual to be able to exclude others from handling their personal data as an ab‐.

67 For example Article 10 GG (Privacy of correspondence, mail and telecommunications), Article 13 GG (Inviolability of the home). A fundamental distinction must be made between data and ownership of the data carrier/storage medium. The creator of this database (Datenbankhersteller) and therefore the holder of the rights according to §§ 87a et seq.

85 Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the legal protection of data. 89 This act is intended to implement Directive (EU) 2016/943 of the European Parliament and of the Council of 8 June. Voluntary provision of (usually personal) data has recently been widely discussed in the context of the COVID-19 pandemic under the term "data donation".

The authors of the expert opinion do define data donation in the context of research with medical/health data (according to options 1 and 3) as a “voluntary and informed con‐.

Data Intermediation Services

  • Data Trusts/Data Fiduciaries
  • Data Cooperatives
  • Data Marketplaces
  • Data Pools
  • European Data Spaces
  • Personal Information Management System (PIMS) Providers

The group of phenomena often referred to as "data-trusts" or as "data-trustee" can be structured as a three-sided constellation: There are several "data-providers" (1) who transfer data to a "data-trustee " or. may, but need not, be a personality difference between "data providers" and "data users". In contrast, a "data merchant" can be understood as someone who buys data to use as their own commodity. especially to exploit them to their own advantage.

A broad definition of a “data trust” or “data fiduciary” may be: a natural or legal person or partnership that mediates access to data provided or held by a “data trust” or “data fiduciary” pursuant to. In the mediating interest of the data subject (custodian), the fiduciary is proposed as a powerful intermediary. However, it is also possible that the data trust purposes will benefit both the interests of the data subjects and the data processor in a cumulative model, for example where the data may be processed by the data processor for special purposes. in the secured area ("data.

127 While "data trust" appears to be the more generic term and more commonly used, "fiduciary" is used in recital 33. The differences regarding the type of storage lead either to the scenario of a data room ("data host") or of a pure data transfer instance ("data cache"). So-called "data trusts" or "data fiduciaries" are classified as data mediation services, if the aforementioned-.

However, it should be noted that other forms of "data trusts" or "data fiduciaries". With a company-wide data sharing pool, the company's data sets can supposedly be used much more efficiently.

Other Data Sharing Models

  • Open Data
  • Legal Obligations to Share Data
  • Processing on Behalf of a Controller and Joint Controllers
  • Data Brokers
  • Processing of Anonymized Data
  • Public Data Trusts / Re‐Use of Data Pursuant to DGA
  • Data Trusts/Fiduciaries and Other Services Not Classified as Data Intermediation Services

Data processing on behalf of the data controller is thus becoming more and more the rule for business start-ups. Having a website hosted151 and implementing forms of third-party analysis tools152 also lead to situations of processing on behalf of the data controller. This has legal implications: As business start-ups remain data controllers in respect of outsourced processing of personal data, and the use of digital and "...-as-a-service" services regularly constitutes data processing on behalf of the data controller, there should be a high level of interest on their part to comply with the requirements of the GDPR.

Data processing on behalf of the data controller differs from the so-called "joint data controller" in Article 26 GDPR. Determining creditworthiness and providing credit reports is the basis for the German credit system and thus also for the functioning of the economy.155 Data brokers are called "Auskunftei" in this particular context, i.e. since this type of data processing creates a risk of profiling of data subjects with regard to possible sensitive forms of data, additional requirements have been introduced to protect them.

159 Use of probability values ​​calculated by credit reporting agencies to determine an individual's capacity and ability. However, due to technological advances, there is always the risk that anonymized data will be de-anonymized at some point in the future, allowing the data subject to be re-identified. A potential benefit could be increased trust in the processing of anonymized data, which could encourage the use of artificial intelligence and big data by reducing the risks and liabilities of anonymous sharing.

The DGA provides specific rules for the re-use of data held by public sector bodies. Article 3(1) DGA lists business secrecy (including trade, professional and company secrets), statistical secrecy, the protection of the intellectual property of third parties and the protection of personal data as grounds that deserve protection.

Summary

Blankertz, A./Specht-Riemenschneider, L., Enabling New Models – Regulierung für Datentreuhänder. Hrsg.), EUV/AEUV – Verfassungsrecht der Europäischen Union mit europäischen. E./Hoffmann, C./Jöns, J./Jotzo, F./Goeble, T./ Hornung, G./Friederici, F./Grote, R./Radusch, I., „Eigenschaftsregeln“ für Mobilitätsdaten - Eine technische Untersuchung. Displacement, Economic and Legal Perspective, Berlin 2017, verfügbar unter:. Hrsg.), Datenschutz im Internet – Rechtshandbuch zu DSGVO und BDSG, Baden-Ba-. Kempny, S./Krüger, H. S./Spindler, M., Rechtliche Gestaltung von Datentreuhändern – eine interdisziplinäre.

Kriesel, T., Legal Issues in the Digitalised Economy: Data Rights – A Statement, Berlin 2019, verfügbar unter: https://www.bitkom.org/sites/main/files/2019‐09/bitkom‐stellungnahme‐zu‐ datenrecht‐ . ten_long version_final_0.pdf, zitiert als: bitkom 2019). Hrsg.), Gesetz gegen den unlauteren Wettbewerb, 41. Auflage, München 2022 (zitiert als: Autor, in: Köhler/Bornkamm/Feddersen 2022). Hrsg.), Charta der Grundrechte der Europäischen Union, 5. Auflage, Baden‐Ba‐. B./Craglia, M., Das aufkommende Modell des Datenmanagements im Zeitalter der Datenfi. Münchener Kommentar zum Lauterkeitsrecht, herausgegeben von Heermann, P. Nebel, M., Opt-out alle: Mit der Consent-Management-Regelung gegen den Cookie-Banner. Petri, T., Primäre und sekundäre Nutzung elektronischer Gesundheitsdaten, DuD Rehbinder, M./Peukert, A., Urheberrecht und verwandte Schutzrechte, 19. Auflage, München 2023.

Roßnagel, A., Rechtliche Fragen eines smarten Datenaustauschs – datengetriebene Zusammenarbeit in der Industrie. Roßnagel, A., Datenschutz im computerisierten Alltag, Berlin 2007. Strech, D./Graf von Kielmansegg, S./Zenker, S., „Datenspende“ – Forschungsbedarf, ethische Überlegungen. Bewertung, rechtliche, informationstechnische und organisatorische Rahmenbedingungen, Berlin 2020, abrufbar unter: https://www.bundesgesundheitsministerium.de/fileadmin/Daten/5_Publikatio‐. NEN/Ministeriet/Reports/Gutachten_Datenspende.pdf. Taeger, J., Profiling-Verbot gemäß Art. Hrsg.), Praktischer Kommentar zum Urheberrecht, 6. Auflage, München 2022 (zitiert als: Autor, in: Wandtke/Bullinger 2022).

Europäische Kommission (Hrsg.), Shaping Europe's digital Future – A European Strategy for data, Brüssel 2022, abrufbar unter: https://digital‐strategy.ec.europa.eu/en/policies/strategy‐data. Janzen, D., Das Problem der Datensilos – und wie gutes Datenmanagement sie auflöst, in: d.velop Blog, 15. Oktober 2021, abrufbar unter: https://www.d‐velop.de/blog/digitaler ‐wandel/datensilo /.

Referências

Descarregar agora ( PDF - 48 páginas - 1.07 MB )

Outline

Data Intermediation Services Other Data Sharing Models Summary

Documentos relacionados

Introduction of digital platforms to State and Municipal administration: opportunities for regulation and transformation of social services for the population

The key direction in the formation of digital public administration platforms in Russia today is the mer- ging of the implemented information systems into one unified digital