Data Protection in the Federal Republic of Germany and the European Union: An Unequal Playing Field

Abstract

With the negotiation of its Data Protection Regulation, the European Union seeks to reform an outdated set of laws that has failed to address the evolving data protection challenges inherent in new technologies such as social networks, e-commerce, cloud computing, and location-based services. This article addresses the forthcoming Data Protection Regulation as well as the current state of data protection law in the EU, with a particular focus on Germany. The first part of the article examines Germany's robust data protection framework and the EU's existing authority. The article then raises key issues related to data protection in Germany and the EU—namely, discrepancies in data protection standards and enforcement among EU Member States—as illustrated by recent, high profile cases involving household names like Facebook, Apple, Google, and Amazon. Through this analysis, the article attempts to explain how and why companies doing business in Germany, but established in other EU Member States, are subject to less stringent data protection standards than German companies. Lastly, the article synthesizes the issues in debate with regard to the draft Data Protection Regulation and offers perspectives on what the Regulation could and should mean for data protection in the EU.