Germany Moves to Amend Privacy Laws in Anticipation of the EU’s General Data Protection Regulation
With the EU’s General Data Protection Regulation (GDPR) scheduled to go into effect in May of 2018 – an ambitious effort to harmonize a patchwork of EU privacy laws and create a uniform privacy regime that restricts the collection, processing and use of individual information – Germany has become the first member state to amend its own privacy laws in anticipation of the coming changes. In May 2017, the German Federal Council (‘Bundesrat’) passed an act intended to bring the current German data protection laws in line with the requirements of the GDPR. On July 5, 2017, the new German Federal Data Protection Act (‘Bundesdatenschutzgesetz’), referred to as the German Data Protection Act, was countersigned by the German Federal President and published in the Federal Law Gazette. The Act utilizes some of the framework and concepts of the GDPR to enhance Germany’s existing data protection rules, while at the same time modifies existing German privacy rules to allow for certain data to be used more freely in cases of national security and employment. Under the new German law, employee data can be processed if “necessary” to establish or carry out the employment relationship (for example, to enforce a collective bargaining agreement). Although this is not a substantive change from existing law, some clarifications have been made...