Data protection law: that should know jurists

That’s what lawyers should know about data protection law

Picture: “Safe” by Rob Pongsajapan. License: CC BY 2.0

Legal basis

The data protection is regulated in the federal data protection law (BDSG) as well as the data protection laws of the countries. Furthermore, there are priority ones, as more specific regulations e.g. in §§ 91 ff. TKG, §§ 11 ff. TMG, § 47 RStV.

Purpose of data protection

The basis of data protection law is the general personality right of Art. 2 I i.V.m. Art. 1 I GG in the expression of the Right to informational self-determination. Accordingly, every human being can decide for themselves what is going on outside of what concerns themselves, and what happens to their data.

§ 1 I BDSG makes the following wording:

The purpose of this law is to protect the individual from being impaired in his personal rights by the handling of his personal data.


Central is the concept of “personal data”, which is legally defined in § 3 I BDSG:

Personal data is individual information about personal or factual circumstances of a specific or identifiable natural person (person affected).

Legal persons are therefore not covered by the provisions of the BDSG, but fall under the corresponding provisions of the Telecommunications Act (§§ 91 et seq. TKG).

From the BDSG debtor is the “responsible body”, ie gem. § 3 VII BDSG any person or body that collects, processes or uses personal data for itself or has this done by others on behalf of.

This is a division into public agencies of the Federation, for which the provisions of Section 2 apply (§§ 12-26 BDSG) and non-public bodies as well as public-law competitive companies, for which the provisions of Section 3 apply (§§ 27-38a BDSG).

The most important regulations at a glance

§ 4 I BDSG

The collection, processing and use of personal data are only permitted if the BDSG or another legal provision permits or orders this or the person concerned has consented. So there is a permission reservation in the data protection law.

§ 4f BDSG

Public and non-public bodies that process personal data automatically must order their own data protection officer in writing if at least 10 people are constantly involved in the automated processing of personal data.

In the case of non-automated data processing, a data protection officer is only to be appointed if at least 20 persons are involved in the processing of this data or have access to this data.

It does not matter if they are full-time or part-time.

§ 3a BDSG

Personal data should be collected, processed or used as little as possible. In particular, personal data shall be anonymised or pseudonymised to the extent that this is possible according to the intended use and does not require disproportionate effort in relation to the intended purpose of protection. This is referred to as the principles of data avoidance and data economy.

§§ 13, 14 BDSG

The collection, storage and use of personal data is only permitted if their knowledge is necessary for the performance of the duties of the responsible body. One speaks of the necessity principle. If the purpose of the storage is omitted, the corresponding data must be deleted or blocked in accordance with. §§ 35 II Nr, 3, III BDSG.

§ 13 IV No. 3 TMG

Providers of telemedia services (e.g., internet service providers) must ensure, through technical and organizational precautions, the protection of personal data against third party awareness.

§ 13 IV No. 4 TMG

The service providers must always separate the personal data about the use of different telemedia by the same user (separation principle). Such data may only be combined if this is necessary for billing purposes. § 15 II TMG.

§ 13 VII i.V.m. § 34 BDSG

The data subject or user has a claim against the responsible authorities or the service provider for information about the data stored about his person or his pseudonym.

§§ 14, 15 TMG

A distinction is made between existing data according to § 14 TMG, ie data required for the establishment, content or modification of a contractual relationship between the service provider and the user on the use of telemedia (name, address, e-mail address, bank details) and usage data , ie data required to enable and bill the use of telemedia (start and end of use, scope of use, utilized telemedia services) according to § 15 TMG.

§ 41 I BDSG

The press enjoys the so-called “media privilege”. This means that the press sector is free of external data protection control. However, this only applies to journalistic editorial data usage and not to data usage for commercial or billing purposes.

§ 47 RStV

As far as the event and distribution of private radio gem. The RStV collects, processes or uses personal data, the provisions of §§ 11 ff. TMG apply accordingly.

The ultimate preparation for the state law exam

This free eBook will give you an overview of the possibilities to prepare for your Jura exam:

✔ How did the perfect exam preparation work??

Related Posts

Like this post? Please share to your friends:
Christina Cherry
Leave a Reply

;-) :| :x :twisted: :smile: :shock: :sad: :roll: :razz: :oops: :o :mrgreen: :lol: :idea: :grin: :evil: :cry: :cool: :arrow: :???: :?: :!: