Key points for the regulation in matters of data protection of online services
(Resolution of the Conference of Data Protection Commissioners of the Federation and the Laender of 29 April 1996)
Recently, online services and multimedia applications have become
increasingly widespread. Special risks for the right of informational
self-determination are associated with the offers (often multimedia offers)
which can be accessed interactively via telecommunications networks;
in particular, attention must be drawn to the danger that user
behaviour may be recorded and user-profiles formed without this
being noticed. The general law on data protection is not sufficient
to effectively control the risks associated with the new technical
possibilities and forms of use.
The data protection commissioners of the Federation and the Laender
consider it urgently necessary to formulate technical and legal
design requirements for the electronic services by area-specific
regulations which secure data protection. The ruling principle
here should be that of avoiding or of minimising data collection.
The data protection commissioners proposed in this respect in
a resolution of 14/15 March 1996 on the modernisation and European
harmonisation of the law on data protection that informational
self-determination with respect to multimedia and other electronic
services should be secured by the obligation to offer anonymous
use and payment procedures, by protection against rash granting
of consent (e.g. by a right to object) and by the rigorous restriction
of the data generated in the connection process, use and billing
to the intended purpose.
The data protection commissioners point out that problems of data
protection may be associated with contents which are disseminated
by online services too. In the following, however, these problems
are not discussed, nor is there discussion of the data protection
aspects of telecommunications. In the key points regarding data
protection, the place of regulation - i.e. a contract between
the Laender and the central state or a federal law - is deliberately
left unspecified. The data protection commissioners call on the
legislators at federal and state level not to allow an appropriate
data protection regulation of the new services to fail because
of disputes as to proper jurisdiction.
- Anonymous use or sparing use of data:
The services and multimedia facilities should be designed such that no or as few
personalised data as possible are collected, processed and used;
for this reason, anonymous use and payment forms are to be offered.
The data used for the maintenance and appropriate design of services
(system maintenance) should also be anonymous as far as possible.
Insofar as a completely anonymous use cannot be realised, it must
be examined in each case whether through other procedures, e.g.
the use of pseudonyms, a direct reference to individuals can be
avoided. In this form of use, the identification of the user should
only occur when there is a substantiated legal interest in the
identification.
- Basic data:
Basic data may only be collected, processed
and used insofar as necessary for the substantiation and management
of a contractual relationship and for system maintenance. The
basic data may be used for the appropriate design of services
and for advertising and market research insofar as the individual
concerned has not objected. In the case of advertising and market
research by third parties, basic data may only be processed with
the express consent of the individual concerned.
- Connection and billing data:
Connection and billing
data may be collected, stored and used only for the purpose of
conveying offers and for billing purposes. The data is to be deleted
when it is no longer required for the provision of services or
for billing purposes. Insofar as connection data is stored exclusively
for the communication of a service, it is to be deleted at the
latest when the connection is ended. The storage of the billing
data must not allow recognition of the time, the duration, the
kind, the content or the frequency of specific offers used by
the individual participants, unless the participant makes application
for such storage. Connection and billing data may be used only
for the purposes for which it is recorded. It may only be collected,
processed and used beyond the extent named here with the express
consent of the individual concerned. This does not affect the
storage of data of those responsible for offers in connection
with imprint obligations.
- Interaction data:
If personalised data is also collected
in the course of interactive services which shows what inputs
the participant has made during the use of the offer to influence
the process (interaction data: this includes, for example, data
entered while searching encyclopedias, in interactive search systems,
for instance electronic timetables and telephone directories,
and in online games), this may only occur with the knowledge
and express consent of the individual concerned. Interaction data
may only be processed and used if its use is strictly limited
to the purposes for which it is recorded. The data is always to
be deleted once the purpose for which it was collected has been
achieved (thus data on the interaction search of offers must be
deleted immediately after the ending of the search process). A
further processing of this data is only permissible on the basis
of the express consent of the individual concerned.
- Consent:
The conclusion or the fulfilment of a contractual
relationship must not be made dependent on the individual concerned
consenting to the processing or use of his or her data outside
of the permissible purposes for which it is recorded. Insofar
as data is collected on the basis of consent, it must be possible
to withdraw this consent at any time. A minimum standard is to
be defined for the form and documentation of electronically entered
consent and other declarations of intent that guarantees an unfalsifiable
proof of the fact, the time and the object. In this it must be
ensured as far as possible that, prior to the granting of consent,
the participant is informed about the content and the consequences
of his or her consent and about his or her right to retract. For
this reason, the persons concerned must be able both prior to
and after the input of the declaration to access consents, contracts
and other information on the conditions of use of services, multimedia
facilities and services and to receive these in written form too.
Since contracts and other legally binding declarations, which
are written in a foreign language, may contain technical legal
expressions, which can only be understood against the background
of the legal system concerned, those services at least which offer
a German language user surface should make available such documents in German too.
- Transparency of the services and control of the data transmission by the participants:
The automatic transmission of data by
the data processing unit deployed at the location of the individual
concerned is to be restricted to the amount which is technically
necessary for fulfilment of the contract. A transmission beyond
this is permissible only on the basis of special consent. In view
of the fact that, with the technology that is used, the participants
cannot recognise in which service they are and which data is automatically
transmitted and stored during the use of electronic services or
in the provision of services, it is to be ensured that the participants
are informed about this prior to the commencement of the data
transmission and that they have the possibility to abort the process
at any time. The user software provided by the supplier or network
operator must contain a possibility that can be activated by the
user to record completely the entire flow of the ingoing and outgoing
data. In the case of a switching through to another service or
to another multimedia facility, the participants must be informed
of the switching through and hence of the possible data transmissions.
Service providers have to guarantee that they do not use any recognisably
insecure networks for the transmission of personalised data or
they must secure the protection of these data by appropriate measures.
According to the state of the art, suitable (e.g. cryptographic)
processes are to be used to guarantee the confidentiality and
integrity of the transmitted data and a reliable identification
and authentication between participants and providers.
- Rights of those affected:
The rights of those affected
to information, blocking, correction and deletion are to be guaranteed
in the case of multimedia and other electronic services too. Insofar
as personalised data are published within an electronic service
subject to the media privilege, the right of reply of the person
affected by the publication is to be secured.
- Data protection inspection:
Effective, independent and
permanent data protection supervision is to be guaranteed. The
authorities responsible for the inspection of data protection
must be enabled to access electronically the services without
charge and at any time and be granted access to the technical
facilities deployed. In the case of electronic services for which
the media privilege applies, the external data protection inspection
is to be restricted accordingly.
- Scope:
The scope of the relevant regulations is to be
stipulated unambiguously. It is to be ensured that the data protection
provisions also apply if personalised data are not processed in files.
- International data protection regulation:
In view of
the increasing importance of cross-border electronic services,
a further development of the European and international legal
system is urgently necessary that also guarantees an appropriate
level of data protection in the case of foreign services and multimedia
offers. Adoption of the so-called ISDN data protection directive
with a high standard of protection Europe-wide is overdue. In
the short term it is necessary to give the persons affected suitable
means to uphold their rights of data protection against foreign
operators and service providers. The services active in Germany
from non-EU member states have to name a responsible domestic
representative in the meaning of the EC data protection directive
(95/48/EG) of 24.10.1995.