Maja Smoltczyk, the Berlin commissioner for data protection and freedom of information, published her Annual report for 2020. The report has a total of 304 pages. As a result, the Berlin supervisory authority received 4,868 submissions from affected citizens last year, Berlin companies and authorities reported 925 data breaches, the authority issued 308 warnings to private and public bodies and imposed 47 fines totaling 77,250 euros. Many of the submissions and complaints are related to the corona pandemic, for example with the sometimes non-data protection compliant keeping of contact lists in restaurants and cafes as well as with the new design of digitized life.
Around 400 reports per month
A large part of the approximately 400 entries and complaints per month concerned the “shifting of various areas of life to the digital” due to the corona pandemic, such as working in the home office and homeschooling. The pandemic drove “digitization processes (…) massively, only too often without sufficient attention to data protection”, so the Berlin data protection authority in their Press release.
Digitization push and data protection
Measures such as the Corona warning app, studies to record symptoms, the use of lists for contact tracking or fever measurements in shops have shown how important it is to develop methods to combat corona in accordance with data protection. After all, the information on the use of video conferencing systems in compliance with data protection regulations motivated many providers of corresponding services to eliminate originally existing technical and legal defects. According to Smoltczyk, the digitalization push put data protection to the test: “It became clear in which areas there is still a lot of catching up to do in terms of sustainable development after the end of the pandemic. This applies above all to the implementation of the European principle of ‘privacy by design’ When developing products and processes, data protection must always be taken into account right from the start, so as not to be faced with the situation again in an emergency where products that do not comply with data protection and are therefore not legally compliant are used. “