The powers of intervention of the data protection supervisory authorities are unprecedented.

The amount of fines they can impose is disproportionate compared to other regulatory offences and even exceeds the highest possible fines under criminal law (at least in Germany).

The supervisory authorities have access to "all" information and personal data they need to fulfil their duties. They have access to all the controller’s premises and data processing equipment. And they can effectively shut down businesses by banning their data processing.

All these official powers of intervention are not limited, concretised and specified by law - as is usual with other regulatory authorities.

As if this were not already questionable enough from the point of view of the rule of law, the data protection supervisory authorities are also "completely independent". They are therefore subject to neither technical nor legal supervision. They are largely free to implement data protection law. In the absence of democratic accountability, the democratic legitimacy of the actions of the data protection supervisory authorities is highly doubtful.

Potentially, the data protection supervisory authorities have a comprehensive state control instrument in their hands - and that in the area of access to information.

For more details see Veil, Datenschutz, das zügellose Recht – Teil V: Die schrankenlose Behörde.