Snack from the 100th anniversary assembly of the German information safety authorities | Weblog on information safety and data safety regulation
On November 26, 2020, the Conference of the Data Protection Conference (DSK) published a press release with conclusions from its 100th anniversary meeting.
The following is a summary of the key issues raised by the DSK that focused on the impact of Schrems II:
- Windows 10: According to the press release, the DSK discussed data protection in the context of the enterprise version of Microsoft Windows 10, in particular the telemetry functions, as well as the data protection improvements announced by Microsoft for Office 365. With regard to the telemetry functions A DSK working group had previously determined in three test scenarios that data controllers should use the “security” telemetry level when using the enterprise version and should therefore take contractual, technical or organizational measures to ensure that no personal data is sent to Microsoft be transmitted . As for Office 365, the DSK remains in talks with Microsoft. For both questions, the DSK stated that it would examine the judgment of the Court of Justice of the European Union of 16 July 2020 on the transfer of personal data to inappropriate countries (C-311/18) (“Schrems II”). .
- Encryption: The DSK stated that it clearly rejects requests from law enforcement and intelligence agencies for access to encrypted communications in courier services and private communications. In the press release of the DSK, the draft resolution of the Council of the European Union with the title “Security through encryption and security despite encryption” was criticized. The DSK stated that it believed the draft would mitigate the requirements for end-to-end encryption in favor of law enforcement and intelligence agencies, which would be counterproductive and easily circumvented by criminals and terrorists. According to the DSK, secure and trustworthy encryption is an essential requirement for resilient companies and public administrations. It was also found that in light of the Schrems II, encryption is a key tool for transferring personal data to inappropriate countries.
In addition, the DSK called for legal certainty with regard to two further questions relevant to German law:
- Telecommunications: The DSK called on the German legislature to implement the requirements of the decision of the Federal Constitutional Court of May 2020, which prescribes the disclosure of telecommunications data by telecommunications providers to authorities and the access of authorized authorities to this data (e.g., Public prosecutors) proportionally and standardized. The DSK pointed out that the current § 113 of the Telecommunications Act does not meet these requirements and therefore changes to the information procedures of the authorities are necessary.
View press release.