Germany Clears EU Data Harmonization Legislation

By Jabeen Bhatti

A Germany-European Union privacy law harmonization bill that had been criticized by privacy regulators was cleared by the nation’s upper house of Parliament May 12 for final approval.

Germany would be the first country in the EU to adapt its national privacy laws to fit within the EU General Data Protection Regulation (GDPR) framework. Companies should view this as a “warning signal” to ensure their privacy practices comply with the new privacy regime, Tim Wybitul, partner at Hogan Lovells in Frankfurt, told Bloomberg BNA.

The bill, if signed, would amend German law to bring it in line with the GDPR, which is slated to take effect in May 2018. The bill’s earlier versions were criticized by privacy regulators and attorneys as potentially weakening data privacy protections for EU citizens and limiting German regulatory enforcement powers at the state level. Also, earlier versions strayed from the GDPR by establishing a maximum fine of 300,000 euros, instead of the GDPR’s mandated maximum of 20 million euros or up to 4 percent of a company’s global revenue.

German lawmakers have since introduced changes to the bill to address those potential violations. The bill was approved by Germany’s lower house of Parliament, the Bundestag, April 27, and must be signed by the federal president to become law.

The present version of the bill “improved in terms of compliance with the requirements of the opening clauses of the GDPR,” Carlo Piltz, data protection attorney at Reuschlaw in Berlin, told Bloomberg BNA. “For example, the possibilities to process personal data for other purposes have been reduced significantly.”

German privacy regulators had also criticized the bill for not adequately considering individuals’ access rights to data.

The updated version “considerably strengthens” the rights of data subjects to obtain and delete information on themselves by reducing the number of restrictions on their rights, compared with earlier versions, Andrea Voszhoff, Germany’s federal privacy officer, said in a statement.

EU Monitoring Germany

The European Commission, the EU’s executive arm, is monitoring Germany and other EU countries closely as they implement the EU regulation, Renate Nikolay, head of cabinet for Justice Commissioner Vera Jourova, told Bloomberg BNA.

The Commission already submitted a letter to the German government expressing concerns over Germany’s liberal use of opening clauses and any limits Germany’s bill would place on fundamental individual rights, Nikolay said. That would run counter to the GDPR’s aim of making a “big leap ahead” to a uniform EU law, she said.

To contact the reporter on this story: Jabeen Bhatti in Berlin at

To contact the editor responsible for this story: Donald Aplin at

For More Information

Text of the bill is available at

Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.