Enlarge image
Photo: gremlin/Getty Images
Privacy.
A good idea, an important concept and also protected by the constitution via ties through »informational self-determination« since a constitutional court ruling in 1983.
Somehow.
And of course data protection is essential in times of digitally driven surveillance options, certain personal data is not the state's business and neither is everyone else.
Unfortunately there is a but.
Because the idea of data protection differs significantly from what you are confronted with almost every day in the network and IT world.
In Germany there is not a people-oriented, enlightened, progressive data protection, but a real existing data protection.
Of course there are many people who advocate modern, enlightened data protection, maybe they are even in the majority.
But it would be a very quiet majority, because the discourse and thus also public opinion is shaped by fundamentalist naysayers who are as loud as they are often.
Actually existing data protection is not based on the sensible transfer of basic values into the digital 21st century - but on an outdated, dysfunctional image of the digital society and a series of narratives that have long since become untenable.
This is where the problem begins, because data protection and the associated legislation is so often cumbersome and unclear in detail that assumptions and stories are resorted to, even in informed circles.
In concrete terms, this means that one and the same fact is interpreted so differently by different experts that it is often not even possible to achieve a minimum of certainty.
Contrary to the mantra of many data protectionists, this deficit, which is paralyzing in everyday digital business life, may have improved with the GDPR, but it is far from good.
As can be seen, for example, from the ongoing German e-prescription fiasco.
more on the subject
Nora, e-recipe and ID wallet: Germany is the digital signa column by Sascha Lobo
State and semi-state IT projects in Germany are anyway a sequence of 50 shades of failure.
The e-prescription should have been introduced several times a long time ago, the technologies behind it are really not magical witchcraft of digital aliens.
E-prescription concepts are used in Europe in Albania, Croatia, Denmark, Estonia, Finland, Iceland, Latvia, Lithuania, Czech Republic, Greece, Malta, Montenegro, Norway, Portugal, Romania, Slovenia, Sweden, Spain, Ukraine, the Netherlands, France, Italy, Russia and the UK.
Outside of Europe in China, India, South Africa, Bangladesh, Egypt, Malaysia, Australia, Rwanda, Philippines, Brazil, Israel, Thailand, Canada, Ecuador, Kenya, Bolivia, Panama, Costa Rica, Paraguay and tons of other countries.
Even Austria, which is otherwise under strong suspicion of Germany in digital state matters, introduced the e-prescription this summer.
The magnitude of the change can be seen in the US, where 84 percent of all prescriptions were digital in 2020.
In Germany, however, the regional test run in Schleswig-Holstein scheduled for early September was canceled shortly beforehand by the Association of Statutory Health Insurance Physicians.
And with the reason: The data protection authority has forbidden it.
Two weeks before launch.
For once, it's not
worth taking a
closer look here, if only because then you'd be completely desperate and want to set everything on fire.
But the first sensible reaction to this cancellation is completely independent of the content, because it is mandatory: Wait a minute - couldn't we have known that
beforehand
?
Yes, one should have.
But this is where the whole misery of the actually existing data protection becomes apparent: it has become an opaque weapon of prevention due to a multitude of absurdities, inconsistencies and hostility to progress.
From the outside and, in the case of a large number of projects, even from the inside, it is difficult to say whether data protection would have really caused problems here or not.
Whether there would have been simple, privacy-compliant options or not.
Which many enlightened data protection advocates suffer enormously themselves, because that means: With a stubborn reference to data protection, you can admonish and warn and paint penalties on the wall and kill unwanted projects even if there is actually nothing against it under data protection law.
Data protection is therefore not only the largest digital prevention tool in Germany, but also the largest digital scapegoat.
However, data protectionists themselves are not entirely innocent of this situation.
Privacy, like just about anything else, has different schools and schools of thought.
Some of them have railed against almost every form of data use very loudly and very adamantly and very difficult to understand for decades.
In this way, a self-reinforcing image has solidified: Anyone who is primarily present in public with warnings, reminders and prohibitions and then communicates in a way that is difficult to understand or unrealistic bears a certain share of the responsibility for the feeling in so many heads: data protection is annoying and prevents it.
The publicly perceived intransigence of data protection is mainly due to a data protection current that was very influential in Germany and was shaped in the German mecca of data protection, Schleswig-Holstein.
In a very unpleasant way, she refers to the above-mentioned judgment of the Federal Constitutional Court with the fundamental right to informational self-determination.
At that time, the court used Article 1 of the Basic Law as the main argument, i.e.: »Human dignity is inviolable.«
This is obvious, but today, in the harsh interpretation of the radical data protection faction, the result is that it makes the reconciliation of interests more difficult or impossible.
If data protection is practically equal to dignity, then every negotiation is hopeless or even outrageous, because dignity is non-negotiable.
That is the core of my criticism of the data protection that actually exists: too seldom is it about the practical weighing of benefits and costs and far too often about supposedly non-negotiable absolutes.
This creates grotesque situations.
In the summer of 2021, during the pandemic, the Hessian state data protection officer wanted to ban video conferencing systems such as Microsoft Teams from schools and justified this by saying that a state-owned video conferencing system would be available in the new school year.
However, the state government canceled the introduction of this system at short notice, so that the schools were alienated completely for nothing.
data shielda.
In addition to such grotesques, the problem is even greater.
Data protection also protects people who don't want it, in situations that they don't see as protection at all.
But as paternalism.
It's actually bizarre: you can have an intentional bodily harm done completely legally if you wish, but there are a number of data protection rules that you can't actually overturn even at the request of those directly affected.
Because in everyday digital life, situations that look something like this often arise:
Person: You offer service X, I like using it, but I want feature Y.
Company: Y? We're not allowed to, data protection.
Person: Yes, but I want you to use my data in this way. Here is my consent.
Company: Maybe, but consent or not, we still aren't allowed to, at least that's what our data protection officer believes, and if we were allowed to, it would be far too risky.
And because the German-dominated data protection orientation has now also prevailed in Europe with the GDPR, this “risky” has been given a solid EU price tag.
Instagram has just had to pay a fine of 405 million euros in Ireland for data protection violations.
Ha!
Shout out some da safe, totally deserved!
The problem, however, is that this quite extensive penalty was pronounced for a special case.
Namely for the situation that minors could have operated business accounts where they could have intentionally and knowingly published their e-mail address and telephone number under special circumstances.
That seems cumbersome to formulate, but it is actually not so much about the factual events.
So whether and how often that really happened.
It's about whether it was possible.
It's not that parent company Meta doesn't do a lot of things that deserve criticism.
I see a lot that is absolutely punishable, such as the ruthless, completely inadequate handling of hate speech and the misuse of the instruments against hate speech.
But is the temporary mere possibility of intentionally publishing an email address really such a catastrophic data protection violation that one has to pay almost half a billion euros for it?
advertisement
Sasha Lobo
Reality shock: Ten lessons from the present
Publisher: Kiepenheuer&Witsch
Number of pages: 400 pages
Publisher: Kiepenheuer&Witsch
Number of pages: 400 pages
Buy for €22.00
price inquiry time
07.09.2022 6.47 p.m
No guarantee
Order from Amazon
Order from Thalia
Order from Weltbild
Product reviews are purely editorial and independent.
Via the so-called affiliate links above, we usually receive a commission from the retailer when you make a purchase.
More information here
No, but that's not the point.
Because the data protection that actually exists offers a gateway for people and points of view who reject social media in principle and also despise the corresponding behavior in the population.
Sometimes I also observe a downright hostility towards digital entrepreneurship.
»But do you have to earn money with the internet at all?« – was a serious argument in a discussion about internet advertising that I had with a data protection officer.
Sometimes even at the highest level of data protection there is something that I would call bigoted.
Thilo Weichert, former data protection officer and a kind of high priest of the radical Schleswig-Holstein data protection school, has shot the metaphorical shotgun against all forms of social media from evil digital corporations for years.
But then he, the great preacher of prevention, had no objection to some form of data retention.
With all due respect to the enlightened, progressive data protectionists and their work, it seems clear to me that the culturally pessimistic prevention faction had and still has too much power.
Some data protection officers, for example, want to ban authorities from being active in the big social media at all.
This would cut off several digitally savvy generations of information relevant to democracy.
But that is the sad essence: the real existing data protection is more about the principle than about the digital life.
