"For the European path of digitization, we need technological sovereignty".

Personal data is processed around the clock - at work, when buying goods, in contact with authorities, in healthcare or when traveling and surfing the Internet. Yet many people are unaware of the risks associated with their data, let alone their rights. The "Forum Privatheit," funded by the German Federal Ministry of Education and Research, is an interdisciplinary research association that has been conducting research on data privacy for years and provides citizens with sound information on this topic. In an interview, Alexander Roßnagel explains how Europe can use data protection as an opportunity.

Professor Roßnagel, recently many people have had to deal with the issue of data protection: The widely used messenger service Whatsapp wanted to adapt its data protection rules on February 8 and oblige users to agree to them if they wanted to continue using the service. Due to public pressure, the data protection change was postponed until mid-May so that those affected could first be informed in more detail about the scope of the adjustments. What aspects of this current case are particularly interesting for you as an expert in data protection law?

People usually pay for a free service on the Internet with their data. The data protection rules allow the provider to use them without any restrictions in terms of time and content. Whatsapp wanted to pass the data on to the parent company Facebook, which compiles them into personality profiles, uses them for individualized advertising, makes them available to others and exploits them for other profit interests.

How can we design technology - such as a messenger service - to be privacy-friendly from the start?

The service must be able to refinance itself. But it should do so in a way that allows users to use it in a self-determined way. For this, it is important that users can choose between alternatives. Examples of such alternatives are: Payment with money or with data, with individualized, general or no advertising, with narrow purpose limitation and data deletion, or with broad usage options. The most data-protection-friendly variant must be preset and all data protection requirements must be implemented in the technology. In professional circles, we speak here of Privacy by Default and Privacy by Design.

At the moment, however, many still perceive data protection as a disruptive factor. Why is that? What can be done about it?

Many use "data protection" for interests other than the protection of fundamental rights. Its bureaucratization often serves secrecy or profit interests. Many companies hide their intentions behind cumbersome privacy statements that indirectly force them to accept even unfair terms. In contrast, the objective of data protection - self-determination of the individual - must be emphasized and the connections must be explained.

In your view, is the European General Data Protection Regulation a step forward for data protection?

On the whole, yes. Above all, it expresses the values that the EU member states have agreed on as they move toward the digital society: Human dignity, privacy, and democracy. It thus points to a third way - between Chinese-style digital control and Californian digital capitalism.

Germany and Europe have a certain lead in data protection. How can we maintain and exploit this lead?

For the European path of digitization, we need a certain technological sovereignty that enables technology development that promotes fundamental rights and is oriented toward the common good. In this way, the EU acts as a role model worldwide. Many other countries want to join us on this path and are aligning their data protection laws with the GDPR. The EU must expand this path and show that it also enforces its specifications against global providers.

What do you think needs to be done so that data protection "made in Europe" can become a real innovation driver and quality feature?

Technologies from the EU should stand for "built-in" data protection and thus be attractive on the global market because other countries are looking for comparable solutions. It is also possible to help other economies develop products and services that can be offered on the EU market.

The GDPR stipulates that people must actively consent to the processing of their personal data. How do you assess this instrument of consent? Doesn't it make broad use of data possible?

Actually, consent corresponds to informational self-determination. But it cannot lead to this if there is a glaring imbalance of power between the parties. It is particularly unsuitable for the use of digital infrastructures - for example, search services or social networks - because their terms of use are fixed. Laws must ensure their fairness.

An important aspect of the work of the research association "Forum Privatheit" is an understanding of technology that seeks to incorporate ethical, social and legal requirements at an early stage. What does that mean and why is it so important?

Technology systems are socio-technical systems. Understanding how they affect people and society requires interdisciplinary cooperation between technology, economics, social sciences, humanities and law. If risks are to be avoided and opportunities exploited, proposals for designing these technological systems in a way that is compatible with the common good must be developed and incorporated at an early stage before faits accomplis arise.

Finally, a personal question: What do you think about data privacy when you use digital technology?

I use digital technologies if I live better with them than without them. That's why I don't use a social network. Where suitable alternatives exist - as with video conferencing, messenger services or search engines - or I can shape the technology - for example, via cookies and settings - I choose the most privacy-friendly solution. If there are no relevant alternatives - as with smartphone operating systems, for example - I "bite the bullet".

Personal details: Prof. Dr. Alexander Roßnagel is Senior Professor of Public Law, Law of Technology and Environmental Protection at the University of Kassel. He heads the Project Group for Constitutionally Compatible Technology Design (provet) there and is director of the Scientific Center for Information Technology Design (ITeG). He is also spokesperson for the interdisciplinary research network "Forum Privatheit", which is funded by the German Federal Ministry of Education and Research.

The interview with further information can be found at:https://www.forschung-it-sicherheit-kommunikationssysteme.de/service/aktuelles/interview-europaeischer-datenschutztag

In the Forum Privatheit, experts from seven scientific institutions deal with issues relating to the protection of privacy in an interdisciplinary, critical and independent manner. The project is coordinated by Fraunhofer ISI. Other partners include Fraunhofer SIT, the University of Duisburg-Essen, the Scientific Center for Information Technology Design (ITeG) at the University of Kassel, Eberhard Karls University of Tübingen, Ludwig Maximilian University of Munich, and the Independent State­Center for Data Protection Schleswig-Holstein. The German Federal Ministry of Education and Research supports the Privacy Forum to stimulate public discourse on the topics of privacy and data protection.

Interview: Barbara Ferrarese

Speaker "Forum Privatheit":
Prof. Dr. Alexander Roßnagel
Department of Public Law
University of Kassel
a.roßnagel[at]uni-kassel[dot]de
Press photo Alexander Roßnagel

Project coordination "Forum Privatheit":
Dr. Michael Friedewald
Fraunhofer Institute for Systems and Innovation Research ISI
Competence Center New Technologies
michael.friedewald[at]isi-fraunhofer[dot]de

Press and Communication "Forum Privacy":
Barbara Ferrarese, M.A.
Fraunhofer Institute for Systems and Innovation Research ISI
+49 (0) 0721 / 6809-678
barbara.ferrarese[at]forum-privatheit[dot]de
www.forum-privatheit.de
Twitter: @ForumPrivacy