German coalition agreement marks shift towards more innovative approach to data protection

The newly formed coalition government in Germany has unveiled ambitious plans for the 21^st legislative period. Among the various policy areas addressed, data protection and IT law stand out as critical components as the government looks to foster innovation.

For instance, the coalition agreement proposes making data protection laws less bureaucratic and more innovation friendly. This approach is intended to streamline processes for businesses, particularly small and medium-sized enterprises (SMEs), and foster a more conducive environment for technological advancement.

Daniel Widmann, data law and cyber security expert at Pinsent Masons, said: “This is similar to efforts we see on an EU level, with the government concentrating on reducing bureaucratic hurdles and increasing efficiency.”

One of the changes is the planned centralisation of data protection supervision. The Federal Data Protection Commissioner is supposed to oversee data protection for companies, consolidating responsibilities that were previously dispersed across various regional authorities.

The agreement also proposes significant exemptions from the General Data Protection Regulation (GDPR) for SMEs, low risk data processing activities, and non-commercial processing activities. By excluding these entities from the stringent requirements of the GDPR, the government hopes to reduce the regulatory burden on smaller businesses and encourage innovation.

The coalition agreement further outlines several key initiatives aimed at supporting data sharing and usage. One of the most significant proposals is the condition of a new “Data Law Code”, which is supposed to provide a comprehensive framework for data usage and sharing. Where possible, the government intends to implement opt-out solutions from data usage, rather than the traditional opt-in approach. This shift is expected to simplify data sharing processes and enhance the usability of data for various purposes.

The principle of “public money, public data” is another cornerstone of the coalition’s IT and data law strategy. Data trustees will be established to ensure high data quality and build trust in data management. This initiative aims to make publicly funded data more accessible and usable for research and innovation.

The agreement also addresses the issue of copyright in the context of artificial intelligence (AI). Copyright holders will be appropriately renumerated for the use of their works in the development of generative AI. This measure seeks to balance the interests of creators and innovators in the rapidly evolving AI landscape.

Widmann said: “It remains to be seen if the proposed ‘Data Law Code’ will indeed create a new data economy in Germany. However, the emphasis on opt-out solutions and public data accessibility is a promising step towards a more open and innovative data environment.”

Cybersecurity is another critical area addressed in the coalition agreement. The Federal Office for Information Security (BSI) will be expanded into a central contact point for cybersecurity. This expansion aims to enhance Germany’s ability to respond to cyber threats and coordinate cybersecurity efforts across various sectors.

The new government has committed to implementing the NIS2 Directive, which sets out measures for achieving a high common level of cybersecurity across the EU. This directive will provide a robust framework for improving cybersecurity standards and practices in Germany.

Additionally, companies will receive support in implementing the Cyber Resilience Act (CRA), which aims to enhance the security of digital products and services.

“Cybersecurity is a key topic for the new German government, considering the global threat landscape. It will be interesting to see which measures are being put in place to support companies with their implementation of CRA requirements,” said Widmann.