Data avoidance and data economy

from Wikipedia, the free encyclopedia

Data avoidance and data economy is a concept in the area of data protection . The basic idea is that only as much personal data is collected during data processing as is absolutely necessary for the respective application .

Concepts

The concept of data avoidance and data economy is closely related to the traditional data protection principle that only those personal data may be processed that are required for the fulfillment of the respective task ( necessity ). However, it is also an aspect of system data protection , i.e. the integration of data protection requirements into IT systems , now often referred to as privacy by design . Data protection should not only be standardized through legal regulations, but also implemented through the design of the IT.

At the same time, data economy also denotes a reluctance on the part of the consumer, demanded by data protectionists, to disclose personal data outside of the information necessary for a business relationship , especially on the Internet and in competitions.

A concrete implementation of the requirement of data economy and data avoidance is, for example, the legal prohibition of the use of clear names in internet communication. Laws can strengthen this through the right to informational self-determination .

Many data protectors and data protection officers categorically demand an opt-in for personal data and for data that can be linked to personal data . However, many applications do not even allow an opt-out or even tell users what data is being processed or transferred to computer networks . In the data protection declarations of the providers, it is also often not stated which data are processed and where they are transferred, to which bodies the data are passed on, whether and how long they are stored or whether there is a right to be forgotten .

Examples

For example, a consumer usually cannot easily prevent his smart TV television set from transmitting data in advertising networks .

Data transmission is often intended to increase the ease of use of products, such as the fact that a device such as the Amazon Dash transmits the password entered by the user for a local wireless network to a server on the Internet when it is first used , so that it can be used at a later date further devices can be integrated into the same local network without having to enter the password again. To avoid this process, the user must deactivate the corresponding function in the associated mobile app on their smartphone .

Another example is the transfer of the entire address book, which is stored on a mobile device, to the server of a provider from a social network . This process is intended to simplify contact with other members of the social network, but may also mean that the contact details there can no longer be deleted or that the operator of the network may pass them on to data collectors.

Situation in Germany

The concept was standardized for the first time in § 3 Para. 4 TDDSG in July 1997: “The design and selection of technical equipment for teleservices has to be geared towards the goal of collecting, processing and using no or as little personal data as possible. "

In Germany , data avoidance and data economy was laid down in Section 3a of the Federal Data Protection Act (BDSG). Until September 1, 2009, the principles only applied to the “design and selection of data processing systems”. Through the law amending data protection regulations of August 14, 2009 ( Federal Law Gazette 2009 I p. 2814 ), the scope of § 3a BDSG was extended beyond the previous system data protection to any use of personal data. In Germany, the principle applies that the collection, processing and use of personal data and the selection and design of data processing systems must be geared towards the goal of collecting, processing or using as little personal data as possible.

Since the beginning of 2015, numerous government politicians , including Chancellor Angela Merkel, have been trying to abolish this requirement on the grounds that the requirement hinders Germany's development in the field of big data , including CDU politicians who work as EU commissioners. The idea of ​​data economy should be replaced with the term data sovereignty . Even industry representatives contradict this path of the governing parties CDU and SPD.

Since May 25, 2018, data economy has been mentioned in Section 71 of the Federal Data Protection Act, which in particular requires that the processing of personal data and the selection and design of data processing systems be geared towards the goal of processing as little personal data as possible. In addition, personal data must be anonymized or pseudonymized at the earliest possible point in time, insofar as this is possible according to the processing purpose.

Situation in Europe

The General Data Protection Regulation of the European Union , for the implementation and implementation of which the Federal Data Protection Act has been revised, speaks in its Article 5 of “data minimization”, which some incorrectly understand as a complete replacement of the principles of data economy and data avoidance. This arises only together with data protection through technology design and data protection-friendly default settings (Article 25 of the GDPR).

Web links

Individual evidence

  1. Heise Online: Data economy against data abuse
  2. Datenschutz , test.de , accessed on September 29, 2016
  3. Data protection in the check: Many backdoors on Google, Netflix & Co , test.de from February 24, 2016, accessed on September 29, 2016
  4. Smart TV and data protection: What the television broadcasts secretly , test.de from July 11, 2016, accessed on September 29, 2016
  5. Amazon Dash Buttons: Buy at the push of a button - no clean thing , test.de from October 12, 2016, accessed on October 15, 2016
  6. Data scandal on Facebook: Mobile phone contacts on the net , test.de from June 1, 2010, accessed on October 15, 2016
  7. Data protection and reporting law: data collection and resistance , test.de of July 13, 2012, accessed on October 15, 2016
  8. Data protection in apps: which apps spy on your data , test.de from May 31, 2012, accessed on October 15, 2016
  9. Applications for smartphones: data leaks in apps , test.de from February 9, 2011, accessed on October 15, 2016
  10. ^ Draft of a law regulating the framework for information and communication services, cf. Art. 2 § 3 Paragraph 4 ( BT-Drs. 13/7385 )
  11. Synopsis of the versions of § 3a BDSG at www.buzer.de.
  12. Stefan Krempl: Merkel at the IT summit: data protection must not prevent big data. In: Heise online. November 19, 2015, accessed September 14, 2016 .
  13. Stefan Krempl: Two years of the digital agenda: "Cloud sounds like stealing". In: Heise online. September 6, 2016, accessed September 14, 2016 .
  14. ^ A b Stefan Krempl: IT summit: Gabriel pleads for data sovereignty instead of data protection. In: Heise online. November 19, 2015, accessed September 14, 2016 .
  15. Detlef Borchers: European Police Congress: Chancellery Minister Altmaier calls for a new awareness of data. In: Heise online. February 23, 2016, accessed September 14, 2016 .
  16. Volker Briegleb: EU Digital Commissioner Oettinger: “We are hypersensitive to data protection”. In: Heise online. February 16, 2016, accessed September 14, 2016 .
  17. ^ Stefan Krempl: Safer Internet Day: Justice Minister Maas calls for "minimum data sovereignty" for health apps. In: Heise online. February 9, 2016, accessed September 14, 2016 .
  18. Stefan Krempl: Data sovereignty: The saw on informational self-determination. In: Heise online. January 30, 2018, accessed September 5, 2018 .
  19. Stefan Krempl: State Secretary shoots sharply against the motto "My data are mine". In: Heise online. February 11, 2016, accessed September 14, 2016 .
  20. Forum Privacy : Policy Paper DATA SAVING OR DATA RICH? On the new political discussion about the data protection principle of data economy. July 2017, accessed November 9, 2018 .
  21. Regulation (EU) 2016/679 , accessed on September 6, 2016
  22. Jürgen Kühling: The General Data Protection Regulation and national law . MV-Verlag, Münster 2016 ( online [PDF]).