Inconsistent interpretation and application of data protection regulations by the 18 German data protection supervisory authorities damage the acceptance of data protection law and legal certainty.

Data protection supervision should be standardised in the private sector (non-public bodies) (cf. also Federal Government Data Strategy, section 2.1.1).

Furthermore, federal law should be applicable to transnational research projects and a lead data protection supervisory authority should be designated analogous to the DS-GVO and Section 287a of the German Social Code, Book V.