Interview with Klaus Müller, Federation of German Consumer Organisations, on data protection requirements for business

Interview with Klaus Müller, Federation of German Consumer Organisations, on data protection requirements for business

Author: Gerhard Walter, Editor, Solutions by HANDELSBLATT MEDIA GROUP GMBH

Topics:

  • consumer digital awareness
  • clear legal rules for data handling
  • data protection requirements for business

“It can’t be right that consumers have to become experts in dynamically developing technologies.”

Do you think consumer awareness and interest in data protection are strong enough, and what would it take to make them stronger?
Even stronger awareness of the opportunities and risks of digitisation is, of course, always a good thing. But when it comes to data protection, many consumers are very aware of the issues. In November 2019 for example, the digital association Bitkom ran a representative survey of Internet users asking what they felt threatened by on the Internet. 70 percent said one concern was that personal data could be forwarded without permission and misused – for instance for advertising. As the numerous data scandals that affected millions of people in recent years show, these fears are not unfounded.

One big problem is the complexity of technologies and value chains. These days, if you don’t have a smartphone it’s almost impossible to maintain friendships or do your job. But even if consumers really value data protection, most of them still won’t be able to configure their smartphones in a way that supports it effectively. Even the basic technical design of the devices, and of many apps, is geared to collecting personal data they don’t actually need in order to operate. It can’t be right that consumers have to become experts in technologies that are developing dynamically.

Another problem is that currently, there’s practically no getting round a few powerful players in the market. Since consumers use these giant providers, the companies can dictate the rules of play. Also, tech giants have sufficient resources to interpret rules very broadly and to conduct lengthy legal proceedings. For consumers, giving consent – even just reading data protection declarations – is often an imposition. You already know what’s going to happen: people consent, but grudgingly. Because what alternative to Google, Facebook and the rest do you have? If you decline the terms, you can’t use the services.

And that’s why we need clear regulations on how data may be handled. The General Data Protection Regulation is an important step in that direction, and more should follow. In particular, data protection regulations need to be enforced more effectively. For that to happen, data protection supervisory authorities need to have enough staff.

Why was it so hard for Germany to allow proceedings like the model declaratory action?
Consumer associations have been advocating the introduction of class actions for decades. In Germany, the discussions were tougher and less flexible than almost anywhere else. The main concerns were always doubt, uncertainty, and a fear of a situation like the one in America. Politically, the result was years of hesitation and inaction. That’s why the Federation of German Consumer Organisations advocated the model declaratory action at an early stage, as a moderate form of class action. But the breakthrough only came with the diesel scandal. That convinced even the sceptics that up to now, our judicial system has not been able to respond adequately to this kind of mass damage.

Introducing the model declaratory action was correct and important as a first step. The successful completion of the VW proceedings shows that in cases like this, consumers want to be able to sue together. There was also broad acceptance for the compensation arrangements with VW. But it’s also clear that the law is in great need of reform.

That reform is something politicians will have to tackle in the next few years. On the one hand, because the VW case also showed that the law has numerous shortcomings. And on the other because the EU is forcing Germany to introduce an even more effective procedure. Under the Representative Actions Directive the EU has just launched, consumers will receive direct compensation without a settlement in suitable cases. That would be a big step forward from the model declaratory action, where the court ruling itself does not foresee any payments to consumers.

The guideline contains numerous precautionary measures to protect companies from fraudulent lawsuits. But it also leaves German legislators a lot of scope in implementation.  Hence, we expect politicians to reconsider their reservations about class actions, which are often very general, and to implement the European directive that’s now in the pipeline for the benefit of consumers.

What demands does the vzbv make on business in terms of ​​data protection?
We expect all members of the business community to adhere to the legal regulations; to engage with consumers on an equal footing; and to see data protection not as a stumbling block, but as something they factor in at an early stage, when they develop and implement their devices and services.

More specifically, how would you like business to handle the ePrivacy Regulation?
That’s something you’d need to ask a business representative. But from the consumer point of view it’s important that the protection of personal data and confidentiality in electronic communication are in the foreground, and are not negotiable. The new regulation needs to go further than what we have at the moment.

The only way to guarantee that is by ensuring that communication data processing by telecom service providers, and also online consumer tracking, can only take place if the user consents, or for the purposes specified in the regulation. Processing based on a weighing up of interests, and processing communication data further for a different purpose, should not be allowed. Also, communication devices and software should always be preconfigured so that by default, the only data processed is the data needed to provide the services.

Do you use the Federal Government’s corona app?
Yes, I do. There are glitches now and then, but I’m happy enough with the data protection concept that personally, I think using it makes a lot of sense. I’m sure this active data protection concept has contributed to the fact that the German app has a fairly high distribution rate compared to other countries. This shows how important it is for the success of IT and digitisation projects that people can trust they’re getting strong data protection – not just lip service. Of course, the app has yet to prove itself. And a continuous digital link with test laboratories is overdue.

Klaus Müller has been a member of the board of directors of the Federation of German Consumer Organisations in Berlin since May 2014. From 2006 to 2014 he held a similar position at the Consumer Centre North Rhine-Westphalia in Düsseldorf. Before that, Müller served in Kiel as Schleswig-Holstein’s Minister for Environment, Nature and Forests (2000 – 2003) and Minister for Environment, Nature Conservation and Agriculture (2003 – 2005) before joining the Landtag for one year (2005–2006). Müller began his professional career at the Schleswig-Holstein Investment Bank in Kiel in 1998, the same year he entered the German Bundestag in Bonn / Berlin for two years. Klaus Müller is the managing director of the German Consumer Protection Foundation, a member of the Heinrich Böll Foundation and a German Marshall Fund Fellow.