What is the purpose of the "Dataprotection Landscape"?
The data protection landscape is truly a maze. The General Data Protection Regulation (GDPR) and its many possible interpretations overwhelm our sense of direction. We get lost in a labyrinth of vague legal terms, unresolved questions of principle and detail, balancing decisions, regulatory gaps, inconsistencies, compromise formulas and symbolism. Laymen and experts alike struggle in the thicket of the data protection discourse to find the right path - a path that the landscape architect – the legislator – has unfortunately not provided with a clear legal aim - a defined Schutzgut.
Without such a Schutzgut, many paths seem feasible. However, legal uncertainty and the use of data protection law for political and other purposes are the result - a situation that is unsatisfactory for theory and practice.
Should data protection protect privacy? Or rights of personality? Or informational self-determination? Or an "informational integrity" yet to be defined in more detail? Or "all" rights and freedoms, as the GDPR says – unfortunately without further specification? How does the right to data protection relate to the other protected rights? Does data protection not primarily serve the individual, but society? Is it perhaps intended to combat organisational arbitrariness, prevent informational asymmetries and ensure the separation of powers in terms of information?
If these questions are too abstract for you, our "Dataprotection Landscape" will help you find your way. It does not answer the Schutzgut question. But it does provide clarity, makes it easier to find legal provisions, and makes the interests of all actors and thus the multidimensionality of data processing transparent (orientation knowledge). With pragmatic intent, it facilitates discourse and – we hope – becomes a platform for application-oriented digital inspiration (design knowledge). In this way, the "Dataprotection Landscape" can be seen as an inviting supplement to the many, often very good, existing offerings on the topic of data protection in research and practice. It would be presumptuous to expect completeness, comprehensiveness or even a systematising ultimate claim from such a "Dataprotection Landscape". Changes, adaptations and critical revisions can, will and should occur.
"Landscape" in the non-aesthetic sense is a recognisably coherent structure, but not necessarily logical and free of contradictions. In this sense, the "Dataprotection Landscape" reflects the numerous objectives of data processing regulation, the diversity of legal concepts (such as fundamental rights, rights, freedoms, interests, processing purposes and risks, balancing standards), and the different sources of law (international, Union, national), which complicate both the dogmatic understanding and the practical application of the norms.
While the "Dataprotection Landscape" initially focuses on the sphere of law, economics and ethics follow later.
The "Dataprotection Landscape" also forgoes the systematisation claim associated with complexity for reasons of reception strategy (for a successful example of systematisation see Tile M) in favour of a more modest navigation approach. Each individual "Tile" represents a point of view to be taken into account in data processing that has found its way (or possibly should have found its way) into the legal texts. It should be noted that the GDPR in particular does not list these aspects in a complete or coherent manner. Even if the tiles are of equal size, the point of view represented in each case naturally does not always have the same weight in the various considerations.
What moves the initiators of the "Dataprotection Landscape"?
The initiative "Dataprotection Landscape" is independent, non-commercial and financed by private means. Its initiators, Dr. Winfried Veil and Prof. Dr. Stefan Heinemann, first met in 2018 at an event organised by the digitalisation initiative d21 in Berlin. This resulted in a productive exchange about the meaning and purpose of data protection and the size and limits of the GDPR.
Winfried Veil is a jurist who was involved in the negotiations on the GDPR on behalf of the German government and has since been working scientifically on data protection law and fundamental issues of data regulation. Stefan Heinemann is a business ethicist, theologian and expert on digital developments – especially in medicine and the healthcare industry, but also beyond. Our open and multidisciplinary discourse has now condensed into the "Dataprotection Landscape".
Of course, we also represent a professional position, fed by various basic legal and ethical, but also economic considerations. Our approach is both descriptive and normative, whereby the current legal regulations do not appear satisfactory to us from a legal or ethical perspective because they do not adequately reflect the multidimensionality of data processing. Despite many positive aspects and potentials, the GDPR lacks the clarity that a dogmatic understanding and a coherent application require.
The GDPR only insufficiently achieves its goal of focusing on the protection of human dignity. A certain reading of the GDPR, which rather focuses on the inequality of the stakeholders and does not assume an under-determination of legal aims, does not advance the correct and important vision of the European Union to establish humanity as a positive success factor in the global digital competition.
In the age of digital transformation, human dignity is also expressed in people's "data actions". Privacy is an important value, but not the only one. Putting autonomy at the center appears to be the main concern of the GDPR and is welcome. However, according to the not necessarily widely shared opinion of the initiators, data protection needs a data protection law that fits the subject matter.
For this to happen, however, the subject matter – Schutzgut or Schutzgüter – must first be clearly defined. The rights and interests of data subjects, data controllers and third parties are therefore fundamentally of equal importance in the representation of the "data protection landscape. The structural principle of the "Dataprotection Landscape" therefore corresponds to the initiators' criticism of a focus on the perspective of the data subject and of a perception of data protection law as a right of prevention.
This is important to know and can be criticised. The view on this side is arguable. However, the "Dataprotection Landscape" naturally also contains content from authors who do not necessarily share this position and who represent opposing views. Our aim is to move the discourse forward - including explicit criticism of the initiator's position.
All content in the individual sections has been written by esteemed authors without compensation and is identified (including history of creation and modification). The authors are introduced in the section "Authors". [LINK]
Do you want to criticize, contribute or have other comments?
Please contact firstname.lastname@example.org - your input reached both initiators directly, you can expect a prompt response. Thank you for your interest!
Prof. Dr. Stefan Heinemann is Professor of Business Ethics at the FOM University of Applied Sciences and spokesperson of the Ethics Ellipse Smart Hospital at the Universitymedicine Essen and focuses on the economic and ethical perspective on digital medicine and the healthcare industry.
He is academic director of the HAUPTSTADTKONGRESS LAB (https://hauptstadtkongress-lab.de/) and head of the research group „Ethics of the Digital Health Economy & Medicine“ at the ifgs Institute for Health & Social Affairs of the FOM University of Applied Sciences, member of the „Working Group AI in Internal Medicine“ within the commission „Dgital transformation of internal medicine“ as well as expert advisor in various research and educational institutions.
In addition, the philo- sopher and theologian is a member of the scientific advisory board „Digital Transformation“ of the AOK Nordost, a member of the advisory board of the Institute for PatientExperience of the Universitymedicine Essen, a member of the social and health policy advisory board of the BARMER regional representation North Rhine-Westphalia and a member of the „Innovation circle blood donation“ of the DRK (German Red Cross) Blood Donation Service West. As well as on the board of the Cologne Science Round, chairman of the board of „Science City Essen“ and member of the board of trustees of sneep e. V., a student network for business and corporate ethics.
Dr. Winfried Veil studied law at the University of Mainz. He received his PhD from the German University of Administrative Sciences in Speyer on the question of whether the European Union can be democratised by means of direct democracy.
From 2001 onwards, interrupted by a one-year trip around the world, he worked for nine years as a lawyer in public commercial law at various major law firms (most recently CMS Hasche Sigle). After joining the Federal Ministry of the Interior, he accompanied the Council negotiations on the GDPR from 2013 onwards as a consultant in the project group responsible for the reform of data protection law in the EU. Since then, he has been working academically on issues of data protection law and data regulation.
He is co-editor and author of a commentary on the GDPR, author of numerous articles in scientific journals and handbooks, and blogs at www.cr-online.de. He also lectures at the University of Göttingen and the FernUniversität in Hagen. Of course, he only represents his personal views here.