Selected Topics in English
About Stiftung Datenschutz
The Stiftung Datenschutz (Foundation for Data Protection) was established by the German Federal Government in 2013. The non-profit incorporated foundation is based in Leipzig, Saxony. The NPO offers a neutral forum for debates around effective and efficient data policy and develops recommendations for privacy politics. Acting independently in the field of data privacy, Stiftung Datenschutz links politics and the public, academics and business. It complements existing organizations and initiatives while liaising closely with German data protection authorities on state and federal levels.
Stiftung Datenschutz acts as an independent information and discussion platform. Its aim is to develop proposals for improving data privacy, to work on them in projects with experts from the relevant circles, and to discuss them publicly. The foundation does not act as a research institution, but as an interface between science, business, society and politics. This structure and focus is also the foundation's unique selling point: Neither data protection supervisory authorities nor trade associations or other organizations offer a neutral discussion platform that deals exclusively with data protection.
Stiftung Datenschutz aims to promote solutions that combine effective protection of fundamental rights with sufficient scope for technological progress and new business models. In our view, it should not be "innovation or data protection" but "innovation and data protection". We aim to provide a lobby for data privacy. We use information measures to counter GDPR myths and want to clarify what data protection law, when interpreted and applied pragmatically, can enable and does not inhibit.
PROJECT CONSENT & PERSONAL INFORMATION MANAGEMENT SERVICES
In our networked world, the disclosure of personal information has long been a part of everyday life. People can't benefit from the digital services available without consenting to the use of personal details. However, the associated data protection policies are usually long and often remain unread because of their legal jargon and technical complexity, and because readers lack the time. As a result, the content of such "data protection terms and conditions" is more or less agreed to blindly. The growing number of requests for data protection consent also overwhelms data owners with the need to make decisions, deadening them into a state of 'rational ignorance' and ultimately devaluing the significance of providing consent. In real life, the ideal data protection situation of 'informed consent' is a rarity.
In a project funded by the Federal Ministry of the Interior, the non-profit Federal Foundation for Data Protection compared a number of different data consent projects. We also investigated the legal and economic conditions for the implementation of consent platforms. The study looks at possible ways of using technology to facilitate the legal validity of the consent process in terms of greater self-determination and user control. Proposals are developed on how the process of consent in data protection law and practice can be made more practicable and provided with technical support.
THE RIGHT TO DATA PORTABILITY
When the General Data Protection Regulation became effective in May 2018, every person in the EU was given, for the first time, the right “to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format”. In our project, the Stiftung Datenschutz has examined possible ways of practically implementing the right to data portability.
TRUSTED CLOUD DATA PROTECTION PROFILE
Supported by the Federal Ministry of Economics, a consortium consisting of members from enterprises, data protection authorities and legal scholars developed a framework for a free and secure standard for data protection in cloud services, as required by the Federal Data Protection Act.
The TCDP standard is currently under the administration of the independent Foundation for Data Protection. Preparations are underway to adapt TCDP to the European Data Protection Regulation, which will come into effect in May 2018.
The TCDP standard was developed to create a certification standard that meets all criteria defined in the FDPA. A cloud service provider with the TCDP certificate can be considered compliant with FDPA requirements, saving their clients the obligation to control the technical and organizational measures. The certification process can be tailored to the needs of the cloud service provider.