Self data protection

Under privacy and encryption is understood by the individual to protect his right to informational self-determination taken technical, organizational and legal measures. So far, this has primarily included the behavior of individuals, offering as few starting points as possible for collecting their data. Self- data protection means getting to know the dangers of data protection and data security and taking active countermeasures yourself.

For example, the use of certain technology offers in which electronic traces are generated and stored for a long time (in particular cashless payment types, mobile phone calls, e-mails, Internet use) should be restricted, not be used in online networks and online role-playing games, only data protection-friendly technology should be used, telecommunications encrypted or the identity of the individual is anonymized or pseudonymized with the aim of identity management (e.g. anonymization of Internet use through services such as JAP or Tor ). Entry in a “ Robinson list ” or similar exclusion lists, non-participation in personal contests or non-consent to the further transmission of one's own data can also be part of a self-data protection concept. Furthermore, the rights of the data subject regulated in the data protection laws (including information or inspection, correction, deletion, blocking, objection, compensation and calling on the state data protection officer ) can be understood as instruments of self- data protection . In relation to public authorities, i.e. in existing subordinate / superordinate relationships (e.g. in police law), the concept of self-data protection comes up against both legal (duties or obligations to cooperate; data collection from third parties etc.) and actual limits.

In particular, the worldwide networking through the Internet poses new threats to personal data on an unprecedented scale. The main problem with Internet technology is that it has already reached a very high level of complexity. Even individual specialists are no longer in a position to have an overview of the entire technology. Further new developments in this technology keep increasing the complexity.

• While surfing, a Trojan horse gets onto the private PC of an Internet user. He has neither installed antivirus software nor is the PC regularly scanned with another program that can detect spyware . This PC can now be completely monitored and even controlled remotely. There are even tools on the Internet that automatically search for such PCs (so-called zombies ) infected with Trojan horses .
• A plaintiff communicates with his attorney by email. The defendant has gained access to the access data for the mail account. He now knows in advance every planned step of the plaintiff and knows about the possible consequences of his behavior. Neither the plaintiff nor their lawyer suspect that the opposing party is well informed.
• As part of new hires, personnel managers often take a look at various social networks . Many applicants do not realize that the publication of unfavorable content can therefore reduce the chances of an application being successful.
• Caution is also advised when using Internet access in hotels, restaurants, train stations, etc. These are even rarely encrypted, even if you have to register to use them. If you then transmit your own login data for access to websites or your own e-mail account unencrypted, you also allow an attacker to access these accounts - this is still often the case.
• A young man is applying for a job with an international company. This company works with an illegally operating credit agency . Targeted phishing , pharming and spoofing are used to condense and evaluate all web-based account data of the target person. It turns out that the target person has a gay profile on a contact portal, has made several requests to web-based online counseling because of psychological problems and there are regular overdrafts. At an internet auction house, the target person appears by regularly buying up coins and second-hand jeans. The condensed profile data is sufficient for the responsible HR department to give the submitted application a negative assessment. (Comment: The aforementioned active attacks are not a necessary prerequisite for the correlation of personal data of the target person from different sources. In particular, it can be assumed that the personal data listed as an example were not collected and stored by these attacks.)