Data Protection Audit Act

from Wikipedia, the free encyclopedia

The Data Protection Audit Act was a planned German law intended to enable providers of data processing hardware and software, as well as data processors, to have their data protection concept and their technical facilities checked, evaluated and certified under data protection law. The auditing was to be voluntary. The audit was to check and evaluate whether the concept and the technology are compatible with data protection laws. Organizational and technical measures for data protection and data security were not to be checked.

The German Bundestag decided on July 3, 2009 not to pass the law.

Parliamentary procedure

Data protection officers had been calling for a law on data protection audits at the federal level for several years. In addition, in 2001, the German legislature committed itself through Section 9a of the Federal Data Protection Act to enact an audit act for data protection.

On September 7, 2007, the Federal Ministry of the Interior submitted a draft bill for a “Federal Data Protection Audit Act”, which, however, was judged rather negatively by experts. The German Association for Data Protection complained that the planned audit was to be limited to legal aspects. In its view, a certificate would only certify that the audited company is complying with the law, which is a matter of course and should not be rewarded with a seal of approval.

On December 10, 2008, the draft bill was passed by the federal government under the name “Data Protection Audit Act”. The Audit Act was part of a “data protection package” launched by the federal government in response to the data protection scandals of 2008. The package had the official name “Law to regulate the data protection audit and to change data protection regulations”. Thilo Weichert, the data protection officer of the state of Schleswig-Holstein, commented on the draft law with the words: “The draft unites almost all errors that can be made in an audit law, and thus guarantees neither independence of evaluation and quality, nor transparency, nor legal security.”

In February 2009 the Federal Council asked the Federal Government to fundamentally revise the draft law. The planned procedure for a data protection audit is “bureaucratic, costly and not transparent”. On July 1, 2009, the Interior Committee of the German Bundestag agreed to remove the Audit Act from the data protection package. The regulations that remained in the package were then passed on July 3, 2009 by the Bundestag as a law amending data protection regulations. The federal government's bill on the data protection audit had thus failed.
