The Stiftung Datenschutz (Foundation for Data Protection) was established by the German Federal Government in 2013. The non-profit incorporated foundation is based in Leipzig, Saxony. The NPO offers a neutral forum for debates around effective and efficient data policy and develops recommendations for privacy politics. Acting independently in the field of data privacy, Stiftung Datenschutz links politics and the public, academics and business. It complements existing organizations and initiatives while liaising closely with German data protection authorities on state and federal levels.
The foundation provides a forum for the essential public discourse on privacy and data protection policies, with the aim of developing future-proof, viable proposals and practical recommendations for improved implementations of data protection theories. Stiftung Datenschutz also supports research and interdisciplinary projects in the field of privacy and its protection, organizes lectures and conferences, and raises public awareness on the importance of privacy and data protection.
The work of the Stiftung Datenschutz is overseen by an administrative board. Its members are independent academics: Prof. Dr. Indra Spiecker, LL.M. (Georgetown Univ.) who holds a Chair in Information Law at Frankfurt Goethe University and Prof. Dr. Georg Borges, Director for Civil Law, Legal Informatics, German and International Business Law and Legal Theory at Saarland University.
Further board members are the heads of the relevant units of the Federal Ministry of the Interior and the Federal Ministry of Justice and for Consumer Protection. The members of the foundation’s advisory board represent a wide range of public institutions and media and business associations, as well as the political parties in the German Bundestag (Federal Parliament). All board members work on a honorary basis.
Director Frederick Richter is lawyer by profession and passed the bar after law studies in Hamburg, Hanover and Vienna, specializing in the law of information technology. He has more than 10 years of experience in IT-related politics and policy counseling. He is a former Data Protection Officer of the Federation of German Industries (BDI), and advised one of the parliamentary groups in the German parliament on policy decisions regarding Internet and IT law. Frederick is a member of the advisory council of the interdisciplinary AbiDa - Assessing Big Data project at the University of Münster, and an independent member of the Data Privacy Advisory Panel at AXA.
When the General Data Protection Regulation will become effective in May 2018, every person in the EU will for the first time have the right “to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format”. In our project, the Stiftung Datenschutz has examined possible ways of practically implementing the right to data portability. Read more...
In our networked world the disclosure of personal information has long been a part of everyday life. People can't benefit from the digital services available without consenting to the use of personal details. However, the associated data protection policies are usually long and often remain unread because of their legal jargon, technical complexity and lack of time. As a result the content of such "data protection terms and conditions" is more or less agreed to blindly. More and more requests for data protection consent also cause data owners to be overwhelmed by the need to make decisions, deadening them into a state of 'rational ignorance' and finally to a devaluation of the significance of providing consent. In real life the ideal data protection situation of 'informed consent' is a rarity.
In a project funded by the Federal Ministry of the Interior the non-profit Federal Foundation for Data Protection compared a number of different data consent projects. We also investigated the legal and economic conditions for the implementation of consent platforms. The study looks at possible ways of using technology to facilitate the legal validity of the consent process in terms of greater self-determination and user control. Proposals are developed on how the process of consent in data protection law and practice can be made more practicable and provided with technical support. Read more...
Supported by the Federal Ministry of Economics, a consortium consisting of members from enterprises, data protection authorities and legal scholars developed a framework for a free and secure standard for data protection in cloud services, as required by the Federal Data Protection Act.
The TCDP standard is currently under the administration of the independent Foundation for Data Protection. Preparations are underway to adapt TCDP to the European Data Protection Regulation, which will come into effect in May, 2018.
The TCDP standard was developed to create a certification standard that meets all criteria defined in the FDPA. A cloud service provider with the TCDP certificate can be considered compliant with FDPA requirements, saving their clients the obligation to control the technical and organizational measures. The certification process can be tailored to the needs of the cloud service provider. Read more...