Key points for the regulation in matters of data protection of online services

(Resolution of the Conference of Data Protection Commissioners of the Federation and the Laender of 29 April 1996)

(Text in deutsch)

Recently, online services and multimedia applications have become increasingly widespread. Special risks for the right of informational self-determination are associated with the offers - often multimedia-offers - which can be accessed interactively via telecommunications networks; in particular attention must be drawn to the danger that user behaviour may be recorded and user-profiles formed without this being noticed. The general law on data protection is not sufficient to effectively control the risks associated with the new technical possibilities and forms of use.

The data protection commissioners of the Federation and the Laender consider it urgently necessary to formulate technical and legal design requirements for the electronic services by area-specific regulations which secure data protection. The ruling principle here should be that of avoiding or of minimising data collection. The data protection commissioners proposed in this respect in a resolution of 14/15 March 1996 on the modernisation and European harmonisation of the law on data protection that informational self-determination with respect to multimedia and other electronic services should be secured by the obligation to offer anonymous use and payment procedures, by protection against rash granting of consent (e.g. by a right to object) and by the rigorous restriction of the data generated in the connection process, use and billing to the intended purpose.

The data protection commissioners point out that problems of data protection may be associated with contents which are disseminated by online services too. In the following, however, these problems are not discussed, nor is there discussion of the data protection aspects of telecommunications. In the key points regarding data protection, the place of regulation - i.e. a contract between the Laender and the central state or a federal law - is deliberately left unspecified. The data protection commissioners call on the legislators at federal and state level not to allow an appropriate data protection regulation of the new services to fail because of disputes as to proper jurisdiction.

1. Anonymous use or sparing use of data:
   the services and multimedia facilities should be designed such that no or as few personalised data as possible are collected, processed and used; for this reason, anonymous use and payment forms are to be offered. The data used for the maintenance and appropriate design of services (system maintenance) should also be anonymous as far as possible. Insofar as a completely anonymous use cannot be realised, it must be examined in each case whether through other procedures, e.g. the use of pseudonyms, a direct reference to individuals can be avoided. In this form of use, the identification of the user should only occur when there is a substantiated legal interest in the identification.
2. Basic data:
   Basic data may only be collected, processed and used insofar as necessary for the substantiation and management of a contractual relationship and for system maintenance. The basic data may be used for the appropriate design of services and for advertising and market research insofar as the individual concerned has not objected. In the case of advertising and market research by third parties, basic data may only be processed with the express consent of the individual concerned.
3. Connection and billing data:
   Connection and billing data may be collected, stored and used only for the purpose of conveying offers and for billing purposes. The data is to be deleted when it is no longer required for the provision of services or for billing purposes. Insofar as connection data is stored exclusively for the communication of a service, it is to be deleted at the latest when the connection is ended. The storage of the billing data must not allow recognition of the time, the duration, the kind, the content or the frequency of specific offers used by the individual participants, unless the participant makes application for such storage. Connection and billing data may be used only for the purposes for which it is recorded. It may only be collected, processed and used beyond the extent named here with the express consent of the individual concerned. This does not affect the storage of data of those responsible for offers in connection with imprint obligations.
4. Interaction data:
   If personalised data is also collected in the course of interactive services which shows what inputs the participant has made during the use of the offer to influence the process (interaction data: this includes, for example, data entered while searching encyclopedias, in interactive search systems - for instance, electronic timetables and telephone directories - and in online games) this may only occur with the knowledge and express consent of the individual concerned. Interaction data may only be processed and used if its use is strictly limited to the purposes for which it is recorded. The data is always to be deleted once the purpose for which it was collected has been achieved (thus data on the interaction search of offers must be deleted immediately after the ending of the search process). A further processing of this data is only permissible on the basis of the express consent of the individual concerned.
5. Consent:
   The conclusion or the fulfilment of a contractual relationship must not be made dependent on the individual concerned consenting to the processing or use of his or her data outside of the permissible purposes for which it is recorded. Insofar as data is collected on the basis of consent, it must be possible to withdraw this consent at any time. A minimum standard is to be defined for the form and documentation of electronically entered consent and other declarations of intent that guarantees an unfalsifiable proof of the fact, the time and the object. In this it must be ensured as far as possible that, prior to the granting of consent, the participant is informed about the content and the consequences of his or her consent and about his or her right to retract. For this reason, the persons concerned must be able both prior to and after the input of the declaration to access consents, contracts and other information on the conditions of use of services, multimedia facilities and services and to receive these in written form too. Since contracts and other legally binding declarations, which are written in a foreign language, may contain technical legal expressions, which can only be understood against the background of the legal system concerned, those services at least which offer a German language user surface should make available such documents in German too.
6. Transparency of the services and control of the data transmission by the participants:
   The automatic transmission of data by the data processing unit deployed at the location of the individual concerned is to be restricted to the amount which is technically necessary for fulfilment of the contract. A transmission beyond this is permissible only on the basis of special consent. In view of the fact that, with the technology that is used, the participants cannot recognise in which service they are and which data is automatically transmitted and stored during the use of electronic services or in the provision of services, it is to be ensured that the participants are informed about this prior to the commencement of the data transmission and that they have the possibility to abort the process at any time. The user software provided by the supplier or network operator must contain a possibility that can be activated by the user to record completely the entire flow of the ingoing and outgoing data. In the case of a switching through to another service or to another multimedia facility, the participants must be informed of the switching through and hence of the possible data transmissions. Service providers have to guarantee that they do not use any recognisably insecure networks for the transmission of personalised data or they must secure the protection of these data by appropriate measures. According to the state of the art, suitable (e.g. cryptographic) processes are to be used to guarantee the confidentiality and integrity of the transmitted data and a reliable identification and authentication between participants and providers.
7. Rights of those affected:
   The rights of those affected to information, blocking, correction and deletion are to be guaranteed in the case of multimedia and other electronic services too. Insofar as personalised data are published within an electronic service subject to the media privilege, the right of reply of the person affected by the publication is to be secured.
8. Data protection inspection:
   Effective, independent and permanent data protection supervision is to be guaranteed. The authorities responsible for the inspection of data protection must be enabled to access electronically the services without charge and at any time and be granted access to the technical facilities deployed. In the case of electronic services for which the media privilege applies, the external data protection inspection is to be restricted accordingly.
9. 9. Scope:
   The scope of the relevant regulations is to be stipulated unambiguously. It is to be ensured that the data protection provisions also apply if personalised data are not processed in files.
10. International data protection regulation:
    In view of the increasing importance of cross-border electronic services, a further development of the European and international legal system is urgently necessary that also guarantees an appropriate level of data protection in the case of foreign services and multimedia offers. Adoption of the so-called ISDN data protection directive with a high standard of protection Europe-wide is overdue. In the short term it is necessary to give the persons affected suitable means to uphold their rights of data protection against foreign operators and service providers. The services active in Germany from non-EU member states have to name a responsible domestic representative in the meaning of the EC data protection directive (95/48/EG) of 24.10.1995.