
PROJECTS

Time does not stop. Neither do I - there's always something exciting to do. In the following you can see the projects I was and will be involved in. This will give you an impression of how diversified my interests are.

Upcoming projects:

The innovative new concept of Time-2-Explore GmbH for professional staff development

In times of rapid digitalization of work processes at all levels of a company, it is of existential importance for the competitiveness, and therefore the economic survival, of a company that its most valuable resources – the employees – are familiar with the new challenges and are able to master them safely.

However, it is not enough to simply impart technical knowledge and functionalities; individual understanding and acceptance of the new opportunities offered by digitization for each and every employee at all levels of the company is absolutely necessary for the success of professional development.

It is not enough to provide knowledge in a one-sided way, through online courses, online videos or any other of the many training tools available on the market; training is only successful when the individual employee can apply their knowledge individually to the needs of their specific work environment and is supported directly and with competence.

Continuing professional development is served in many ways by an almost immense market of providers. Here, formats and tools are also offered that make use of the infrastructure and technical possibilities that the Internet offers, in individual cases even in a very innovative way.

But how can it be that:

  • in a survey of 1500 managers from 50 organizations, 75 % were dissatisfied with the training offered by their organization?
  • more than 70 % of the employees do not have the minimum perception of what knowledge is required for the job they are doing today?
  • only 12 % of workers apply the knowledge they learn in training programs to their jobs?
  • only 25 % of employees believe that training improves the quality of their work?

All in all, it needs to be mentioned that most of the training offered today is not only ineffective overall, but also that the reason, timing, and content of the training offered are often inaccurate. Not to mention the fact that the possibilities of innovative improvements offered by the Internet and digitalization are not just limited to the appropriate professionally trained employees, but really must reach every single workplace in a company.

The new and innovative concept of Time-2-Explore GmbH, a company I founded together with my two daughters, addresses and solves exactly these problems.

Look forward to the next Shout-Outs. In them I will further explain the individual components of this concept, which is characterized by elements of personal support, flexible planning, and transparent costs.

We are looking forward to your visit to our website. There you can already find more information: www.time-2-explore.de.

CDU/CSU and SPD argue about implementation of EU directive

At least since Edward Snowden’s spectacular revelations about the NSA’s spying practices, everyone knows what a whistleblower is.

Whistleblowers usually accept a very high personal risk and repression in order to point out significant abuses and violations of rights within their field of activity and make them public.

This usually results in termination of the respective employment without notice. This has also always been confirmed as permissible by the labor courts due to the lack of mutual trust between employer and employee, which is necessary for any employment relationship – and which is precisely what is made clear by the whistleblowing to third parties or the public.

On the other hand, there is a considerable public and social interest in ensuring that violations of the law are made public, punished and prosecuted, also and especially in companies.

This does not happen if the employee always has to expect termination or other repression.

The EU Directive on the protection of persons who report violations of Union law of 23.10.2019

The so-called Whistle-blower Directive provides for the protection of persons who report violations of Union law in certain areas – for example, when it comes to public procurement, financial services, product safety, transport safety, environmental protection, food, public health, consumer and data protection.

This directive would actually have to be implemented by the German government by December 17th, 2021, as part of its obligations under the EU agreements. In addition, the Committee of Ministers of the Council of Europe had already established principles for national regulations on whistle-blower protection in 2014. The United Nations Convention against Corruption, which Germany ratified in 2014, also calls on member states to take appropriate measures.

International pressure is therefore high. Effective protection for whistle-blowers should be standard practice!

What is the disagreement between CDU/CSU and SPD about?

The main point of disagreement between these parties is whether whistle-blowers should only be protected when it comes to violations of EU law or also when it comes to violations of German law.

The SPD wants protection to cover the disclosure of violations of both European and German law. “Because otherwise, anyone who reports a violation of European data protection regulations would be protected, but anyone who points out bribe payments, tax evasion or violations of German environmental or occupational safety regulations would not be protected.”

However, the CDU/CSU would like to grant whistle-blower protection only for violations of EU law, because otherwise the requirements of the EU directive would be implemented in an excessive manner.

Particularly in the current pandemic situation, many companies are struggling for their existence and should not have any additional obstacles put in their way by further administrative burden and regulations.

It is doubtful whether a legal regulation will be passed in this legislative period, although this would logically lead to infringement proceedings by the EU against the Federal Republic of Germany.

Whistle-blowers could also refer directly to the EU directive

However, if the implementation period expires without a corresponding law, employees could also directly rely on the EU Directive.

If, for example, the employee is terminated after giving a tip, he or she could refer to the EU directive as a protective law – and the termination could be unlawful.

Most recently, for example, the case of a female employee caused a stir with a video from the canteen of the Tönnies slaughterhouse showing people sitting close together at lunch – in the middle of the corona pandemic.

The woman defended herself against her summary dismissal at the Bielefeld District Court, where a settlement was finally reached. In the future, courts may be more likely to rule in favour of whistle-blowers – especially since they must interpret German law in a way that implements EU law as effectively as possible.

In a recent study, the privacy experts at pCloud examined the so-called privacy labels in the App Store to identify the apps that process the most user data. The object of the investigation was not only to find out which apps use information for their own internal purposes, but also those that share their information and data with third-party providers. pCloud is a Swiss-based provider of cloud storage solutions with over 10.5 million users worldwide.

Here, it is understandable that data is collected in order to improve their own app. This includes, for example, the analysis of errors or crashes in order to fix them in updates. This use of data is often in the interest of iPhone and iPad users. It becomes more critical, however, when the companies resell the collected user data in order to finance themselves with it.

52% of apps for iPhone and iPad share information with third-party providers.

The research results have been summarized by pCloud in an overview. You can view the overview here: https://blog.pcloud.com/invasive-apps/

Among other things, this overview is about apps that share the collected data with third-party providers. The information includes, for example, purchases, location, contact details, search and browsing history, financial details or health and fitness data – so it is definitely about very sensitive data.

The TOP 3 data octopuses according to pCloud:

1st place goes to ➞ INSTAGRAM

– Instagram collects 79% of personal data, and the app is only sparing with the information in a few categories.

2nd place goes to ➞ FACEBOOK

– At 57%, Facebook shares significantly more than half of all data with third-party providers.

3rd place goes to ➞ LINKEDIN

– LinkedIn shares 50% of its data with third-party providers, which somewhat surprisingly includes user content, which at LinkedIn includes the account holders’ own posts.

Also notable is that 6th and 7th place go to YouTube. In 6th place you find YouTube and in 7th place YouTube Music. It is interesting to note that YouTube’s listener data is also shared with third parties. In total, YouTube shares 43% of its customer data.

In 10th place is eBay, although it is impressive to note here that eBay also shares all of its data about auctioned and purchased items with third-party providers. In total, eBay shares 36% of its customer data with third-party providers.

So users of these apps need not be surprised if, for example, they see ads for potential purchases appearing again and again in other apps. It should always be taken into account that the apps also communicate with each other.

Which apps do not pass on data to third parties

At the other end of the scale of iPhone and iPad apps, however, I also find some positive surprises! These are apps that don’t share any or very few details with third parties, and thus don’t share any data that could be used by third parties for marketing purposes.

Surprisingly, they also include well-known companies, such as:

NETFLIX

SKYPE

and ZOOM.

Also in this category are:

Microsoft Teams, Google Classroom, Telegram and the relatively new Clubhouse.

Thus, sharing customer data with third parties does not seem to be a mandatory requirement to establish a profitable business model on the Internet!

Apple’s new Privacy Data Labels

But it’s not just third-party providers that use users’ data; Apple’s own apps also have access to personal information.

By implementing its own privacy data labels, Apple is pursuing a transparency strategy that makes the transfer and use of data to third parties transparent for the user.

Click here for the Apple guidelines: https://www.apple.com/de/privacy/labels/

Apple intends to introduce these transparency guidelines in a few weeks with the delivery of iOS 14.5 for all apps in the App Store. It should come as no surprise that this is currently meeting with fierce resistance – especially from Facebook.

Conclusion

I think that this strategy by Apple is definitely conducive to more effective data protection – in essence, ensuring transparency in the use of personal data.

This should make it easier for users to see and decide how their data is used and distributed, and whether or not they want to use the app in question.

It is at least another small step towards ensuring transparency in the processing of personal data, set against the economic interest of the large international Internet corporations in using and exploiting personal data with as few limits as possible.

What does that actually mean and what is it all about?

The Diem Association, formerly Libra, co-founded by Facebook, is pursuing the mission of developing an Internet of money. A global currency and financial infrastructure for billions of people. The European Central Bank and the Bank of China are also looking at introducing a digital currency to complement cash.

This development raises a host of legal questions. What is money? When is money a currency? Is digital money compatible with Union law as an alternative currency to euro cash?

What is money?

In the advanced civilizations of Asia, coinage made of gold, silver or copper was already being used as a means of payment long before Christ, before the introduction of paper money detached the value of money from its intrinsic value. With the further spread of paper money, a banking system emerged in Germany in which cash as book money was increasingly dematerialized. This led to the development of a cashless payment system. Current developments are now aimed at further increasing digitization and internationalization of the monetary system. Blockchain technology promises to enable faster payments at low fees and thus represents a new level of innovation in the monetary system.

In economic terms, money is an asset that serves as a medium of exchange, a unit of account and a store of value, whereby money is always a means of payment, but means of payment do not always necessarily have to be money.

When is money a currency?

In the abstract, a currency is the monetary system of one or more states, and in concrete terms it is a means of payment recognized by the state and determined by law. Against this background, it becomes clear that bitcoin, for example, is neither money nor currency, since there is already no central issuer. Only if the European Central Bank were to introduce a blockchain-based central bank money – such as an e-euro – would one have money in the legal sense, which could represent an additional form of a currency.

Is digital money compatible with Union law as an alternative currency to euro cash?

The future of payments

Under this definition, the development of private blockchain-based means of payment – such as Facebook’s planned Diem – would not strictly speaking be a currency in the legal sense. However, it has the potential to trigger profound changes in payments. These blockchain-based payment methods are very different in detail. The respective requirements in terms of different scopes and purposes of use differ significantly. For example, Facebook requires a Facebook account to use Diem, which significantly limits its use.

The European Parliament and Council Regulation “on Markets in Cryptoassets, and amending Directive (EU) 2019/1937” published in September 2020 describes a digital finance strategy, legislative proposals on cryptoassets and digital resilience for a competitive EU financial sector. The purpose of this is to ensure that interpretive authority is settled vis-à-vis both regulators and market developments as to how these new means of payment should be classified and valued. This can provide consumers with access to innovative financial products while ensuring consumer protection and financial stability. The regulation addresses issuers of cryptocurrencies, utility tokens, stablecoins as well as e-money tokens. Reference is made to providers such as PayPal or the European Payments Initiative of 16 major European banks, which aim to further develop cashless, digital payments.

Conclusion:

The future of money faces an extremely dynamic development that could usher in a turning point in the history of money. In my opinion, it would certainly be advisable for policymakers and the general public to approach these new developments with an open mind and not to block innovations here prematurely due to national egoisms. The future of money has only just begun.

An important step towards increasing trust in political decisions

Since the end of 2020, there has been an agreement to introduce a mandatory transparency register for the European Parliament, the Council of the EU and the European Commission. This agreement goes back to a proposal the Commission had already submitted in 2016.

On December 15, 2020, the Parliament, the Council and the Commission reached a final agreement on an Interinstitutional Agreement (IIA). The official signing and entry into force are planned for spring 2021.

Extension and new participation of the EU Council

The new Transparency Register will be managed by a secretariat in which the three institutions Parliament, Council and Commission will participate on an equal basis. To be registered, the applicants will have to comply with a code of conduct. Here, there was also a consensus to introduce stricter provisions on monitoring and investigations to ensure that effective action is also taken if a lobbyist does not comply with the code of conduct. The removal of registered lobbyists from the register is also defined as a possible sanction.

Mandatory registration of activities

The Transparency Register provides that interest representatives must register if they engage in the following activities:

  • Meeting with significant decision-makers, organizations, and
  • Participating in hearings and briefings, and
  • Seeking access to institutions.

This includes activities that aim to influence decision-making processes or formulations or implementation of policies or legislation at the EU level. Furthermore, stakeholders must explain what interests and objectives they pursue and which clients they represent, as well as providing information about resources used for interest advocacy, especially sources of funding.

Associations and networks of agencies engaged in lobbying can voluntarily register if they choose to do so.

Some activities will remain possible without registration, for example:

  • spontaneous meetings,
  • legal advice and
  • activities of social partners, political parties, Intergovernmental Relations or Member State authorities.

Provisions for individual institutions

The European Commission: Members of the EU Commission may only meet stakeholders who are listed in the Transparency Register. Information on such meetings is published on the Europa website.

The European Parliament: Here, registration is a requirement for access to its facilities, for presentations at public hearings of parliamentary committees, or for participation in the work of intergroups or other unofficial grouping activities organized in the Parliament.

The EU Council: Again, an entry in the Transparency Register is required to gain access to its facilities and to participate in thematic information and stakeholder meetings with the Secretary General and the Director General of the General Secretariat of the Council.

CONCLUSIONS:

Perhaps this initiative at EU level would also be an occasion for the governing parties in the Federal Republic of Germany to think about the introduction of a corresponding transparency register in Berlin.

At present, lobbyists from over 500 lobby organizations can freely go in and out of the Bundestag without any registration or transparency!

The Bundestag administration continues to keep the agreements and rules on who receives access when, how, with whom and why under lock and key: in my view, a permanently intolerable state of affairs! The citizens of the Federal Republic of Germany deserve more transparency from their government.

Excessive monitoring and performance checks of employees due to the use of products from U.S. IT corporations are increasingly leading to unlawful restrictions on employee rights and violations of applicable data protection regulations in Germany as well.

While Microsoft responded early to concerns about questionable functions in Office 365, authorities objected to Amazon’s use of certain software. Microsoft had added an additional analysis function called “Workspace Analytics” to its “Microsoft 365” software package in an update. This made it possible to calculate a productivity score for individual employees. This value includes, for example, information on how many e-mails or messenger messages the individual employees send each day or how often they save files in the Microsoft Cloud or share these data with external persons. Technical details, such as the use of slower conventional hard disks instead of faster SSDs, are also included. Data on the length of time webcams are activated during video conferences is also recorded here.

However, Microsoft backed down and improved the update accordingly after data protection advocates intervened. The Productivity Score will then only be available in summarized form at company level, so that it will no longer be possible to draw direct conclusions about individual employees.

Amazon’s reaction, however, is different. The data protection commissioner of Lower Saxony has expressly prohibited Amazon from using controversial monitoring and performance control software.

With the help of the software, every scanning process that employees perform when storing or removing products is automatically transferred to the foremen’s devices and displayed there. This enables them to monitor each individual work step in real time and, for example, to recognize directly if an employee briefly interrupts his usual work rhythm. This comprehensive data is also used to create detailed employee profiles. Amazon sees no problem at all in the use of the performance monitoring software and will not accept the authority’s decision.

In my opinion, this legal opinion does not correspond to the fundamental legal requirements of the GDPR. A data protection impact assessment required when using this software according to Art. 35 GDPR would certainly confirm this. After all, the necessity and proportionality of the use of this software in relation to the purpose, as well as the risks to the rights and freedoms of the data subjects, must be assessed. This software is thus tantamount to total surveillance, which certainly contradicts the fundamental idea of Article 1 of the German Basic Law, and thus an essential aspect of the core of the fundamental right to informational self-determination.

on security and liability of the EU Commission to the European Parliament, the Council and the European Economic and Social Committee of 19.2.2020

This report was published together with the White Paper on Artificial Intelligence – a European concept for excellence and trust – by the EU Commission on 19.2.2020. This report analyses the relevant current legal framework in the EU. It examines where there are uncertainties regarding the application of this legal framework due to the specific risks posed by AI systems and other technologies. The report concludes that current product safety legislation already supports an extended approach to protect against all types of risks posed by the product depending on its use. However, in order to provide greater legal certainty, provisions could be included that explicitly address newer risks associated with the new digital technologies. In summary, the report could be said to provide an outlook on the expected legal regulations at EU level for the next few years in the field of AI systems and there in particular with regard to the associated security and liability issues. Here, the report distinguishes between two main areas of regulation, product safety regulations and questions regarding the existing liability frameworks for digital technologies.

  1. Product safety regulations
    While the report concludes that current product safety legislation already supports an expanded concept of protection against all types of risks posed by a product depending on its use, it is not clear how this is to be achieved. However, to create greater legal certainty, provisions could be included which explicitly address new risks related to the new digital technologies.
    1. The autonomous behaviors of certain AI systems during their life cycle can lead to significant security-related changes in products, which may require a new risk assessment. In addition, it may be necessary to provide for human control from the design phase onwards throughout the life cycle of AI products and systems as a protective measure.
    2. Explicit obligations for manufacturers could also be considered, where appropriate, in relation to mental safety risks to users (for example, when working with humanoid robots).
    3. EU-wide product safety legislation could include both specific requirements to address the safety risks posed by incorrect data at the design stage and mechanisms to ensure that the quality of data is maintained throughout the use of AI products and systems.
    4. The issue of opacity of algorithm-based systems – the possibility of self-directed learning and self-directed performance improvement of some AI products – could be addressed by setting transparency requirements.
    5. In the case of stand-alone software that is marketed as such or downloaded into a product after it has been marketed, existing requirements may need to be adapted and clarified if the software has safety implications.
    6. Given the increasing complexity of supply chains in new technologies, provisions making cooperation between economic operators in the supply chain and users mandatory could also contribute to legal certainty.

  2. Liability regulations
    The characteristics of new digital technologies such as AI may challenge certain aspects of existing liability frameworks and reduce their effectiveness. Some of these features may make it difficult to trace the damage back to an individual, which would be required under most national rules to make fault claims. This could significantly increase costs for the injured party and make it difficult to pursue or prove liability claims against actors other than producers.
    1. Persons who have suffered damage because of the use of AI systems will enjoy the same level of protection as persons who have been harmed by other technologies. At the same time, there must be enough room for further development of technological innovation.
    2. All options envisaged to achieve this objective – including possible amendment of the Product Liability Directive and possible further targeted harmonization of national liability laws – should be carefully considered. For example, the Commission invites comments on whether and to what extent it might be necessary to mitigate the consequences of complexity by changing the rules on the burden of proof for damages caused by the operation of AI applications as provided for in national rules of conduct.
    3. In the light of the above comments on the liability framework, the Commission concludes that, in addition to the possible adaptation of this existing legislation, new legislation specifically targeted at AI may be necessary to adapt the EU legal framework to current and expected technological and commercial developments.

    The White Paper identifies the following areas as possible additional regulatory points:
    • A clear legal definition of AI
      A risk-based approach should be taken here, i.e. there should be AI applications with high or low risk. Here, regulatory efforts should be concentrated on those applications with high risk, so as not to cause disproportionately high costs for SMEs. The first criterion for the risk class should be whether the AI application is used in a sector where, due to the nature of the typical activities, significant risks are to be expected. The second criterion is whether the AI application is used in a sector in which significant risks are to be expected.
    • Key features
      The requirements for high-risk AI applications can relate to the following key features: Training data, data and record retention, information to be presented, robustness and accuracy, human oversight, special requirements for certain AI applications, for example, remote biometric identification applications.
    • Addressees
      Many actors are involved in the life cycle of an AI system. These include the developer, the operator, and possibly other actors such as manufacturer, dealer, importer, service provider, professional or private user. The Commission believes that in a future legal framework, the individual obligations should be the responsibility of the actor(s) best able to manage potential risks. For example, AI developers may be best placed to manage the risks arising from the development phase, while their ability to control risks in the exploitation phase may be more limited. The Commission considers it essential that the requirements apply to all relevant economic operators offering AI-based products or services in the EU, whether they are established in the EU or not.
    • Compliance and enforcement
      Given the high risk that certain AI applications represent overall, the Commission considers at this stage that an objective ex-ante conformity assessment would be necessary to verify and ensure that certain of the above-mentioned mandatory requirements for high risk applications are met. An ex-ante conformity assessment could include procedures for testing, inspection, or certification. This could include a review of the algorithms and data sets used in the development phase.

      a) Governance
      A European governance structure for AI, in the form of a framework for cooperation between the competent national authorities, is necessary to avoid fragmentation of responsibilities, to strengthen the capacities in the Member States and to ensure that Europe gradually equips itself with the capacities needed for the testing and certification of AI-based products and services.

  3. Conclusion
    Even though the considerations made by the EU Commission in the White Paper and in the report on the impact of artificial intelligence on the adaptation of the existing, nationally differing legal regulations regarding artificial intelligence are still at a very unspecific stage and still in the middle of the political discussion, the following can be stated:
    1. It can be assumed with some certainty that an adapted or supplementary legal regulation at EU level regarding the questions of product safety (i.e. market access requirements) as well as the reorganization of liability issues in connection with AI systems will come in the course of the next few years.
    2. AI vendors in particular should be prepared for the fact that the algorithm must be transparent, verifiable, and finally meet certain certification requirements. In addition, an extended liability and thus responsibility of the AI provider that goes beyond the known extent of product liability, for example with regard to responsibility for supply chains and complex products, is certainly to be expected. As a result, this will only be associated with changed, more transparent development processes and extended responsibility, i.e. considerably higher costs for the corresponding insurance cover.

On December 9, 2020, the EU Commission intends to announce a series of new planned competition and antitrust regulations to improve the control of technology groups, particularly the major Internet platforms.

In a report published on November 19, 2020, the EU Court of Auditors also urges the improvement of corresponding EU regulations. In particular, the report criticizes the fact that two antitrust proceedings against Internet platforms already exist under current law, but that enforcement here leaves much to be desired.

Although the EU Commission has opened antitrust proceedings against Google, these have still been pending before the European Court of Justice for more than three years without a decision.

Already a few weeks ago, the contents of the planned new EU regulations – the so-called Digital Services Act – were leaked, so I would like to give you a short list of the intended regulations below.

1. Exclusive use of data

Large online platforms could be banned under the EU Digital Services Act from using collected user data if it is not made available to smaller platforms. The activities of so-called “gatekeeper” platforms such as Google, Amazon and Facebook will be discussed in particular. These large corporations have a disproportionately high degree of economic power and control over the online world and can therefore participate in deciding “at the gate” who may enter the market.

According to the new regulation, gatekeepers are only allowed to use data

  • which is produced on the platform itself
  • or which is generated and collected on other services of the providers

for their own commercial purposes if it is also made available to other commercial users.

2. Rankings

Furthermore, online search engines are to be prohibited from displaying their own services preferentially and in an exposed position. This regulation represents a considerable tightening of the previous EU regulation from July 2019. In this regulation, search engines were only obliged to make it clear and transparent if they give preference to their own products and services.

3. Freedom of choice and Pre-installation

Equally, e-commerce giants will be prohibited in the future from restricting the ability of business users to offer the same goods and services to consumers under different conditions through other online intermediary services. It will also be prohibited for large companies to pre-install only their own apps on hardware systems. It must also be possible for consumers to uninstall applications that have already been pre-installed by the manufacturer.

4. Introduction of a so-called “grey list”

Furthermore, the EU Commission intends to introduce a so-called “grey list” of activities that the executive considers unfair and which may therefore require increased supervision by a competent authority in the future. According to this list, the platform giants are not allowed to prevent third parties from accessing essential information about customers and are instructed not to collect personal data beyond what is necessary to provide their services.

It ultimately remains to be seen in what concrete form the EU Commission will now present these regulations in December 2020. However, it can certainly be expected that intensive lobbying by the major Internet groups, as has already happened several times in the past, will result in some changes and public discussion before the final adoption. So, as so often in life, it remains exciting.

What is the reason behind this?

In a judgement, the German Federal Supreme Court confirmed the imposition of a fine by the German Federal Cartel Office against Facebook. Although the judgement of the German Federal Supreme Court was issued more than two months ago, I would like to take up the issue again here and draw attention to two problems that are made clear in this decision.

1ST PROBLEM:

First, it should be noted that this decision will not have any legal consequences for everyday life and behaviour on and with Facebook at the moment.

This is simply due to the fact that the judgement is a summary proceeding. In these summary proceedings, the court decided on a fine imposed on Facebook by the German Federal Cartel Office in 2019.

Here is the first point of criticism: the length of time the summary proceeding lasted!

Before the fine was imposed, the Federal Cartel Office had already investigated for 3 years. This so-called summary proceeding took more than 4 years until it became legally binding!

This appears to be extremely problematic, especially in disputes related to the digital economy, because economic power in digital markets establishes itself quickly.

Facebook, on the other hand, now has the opportunity to have the decision on the main proceedings reviewed intensively once again. It is possible that the German Federal Supreme Court will also seek an opinion from the European Court of Justice in the proceedings, which would mean years of main lawsuits, without any legally binding final decision.

Here the legislator is undoubtedly called upon to ensure effective legal protection!

2ND PROBLEM:

The second important aspect of this decision is that the German Federal Supreme Court did not adopt the substantive justification of Facebook’s dominant position – as in the original decision of the Federal Cartel Office. The German Federal Supreme Court has NOT based its decision on a violation of the German Data Protection Act as a violation of antitrust law but has instead classified Facebook’s terms and conditions as questionable under antitrust law.

In doing so, the German Federal Supreme Court avoids deciding on the question of whether a violation of the European Data Protection Act can in principle constitute a violation of antitrust law. Sooner or later, the German Federal Supreme Court will not be able to ignore a statement on this question. Because the essential point of the problem is that the European Data Protection Act does not want to protect private personal data against an excessively encroaching state, but against the economic interests of the internationally very well positioned Internet platforms! Their business model consists precisely in generating sales through the intelligent use of personal data.

In conclusion, we can say:

Since we are only at the beginning of the intensive highest court clarification of legal questions on the application and scope of the European Data Protection Act, the German Federal Supreme Court will sooner or later have to take a clear position on this issue! In essence, the question is whether the field of protection of fundamental rights, which is part of public constitutional law, also applies directly to legal relations with Internet platforms in the private sector under civil law.

In its latest decision the European Court of Justice declares the Privacy-Shield-Agreement to be ineffective. Essentially, it justifies this on the basis of US security laws, which grant the authorities extensive access to data of EU citizens without significant restrictions and without judicial control being possible.

At the same time, the European Court of Justice also decided on the standard data protection clauses by which a data importer in a third country gives a contractual assurance to a European company that data transmitted to it will be processed in accordance with EU data protection standards.

In principle, these standards should continue to apply, as long as the laws of the destination country allow the data recipient to comply with these data protection clauses. Since companies in the USA are legally obliged to make their data available to state authorities on a large scale, the European data protection authorities are obliged to suspend or prohibit the transfer of data based on these data protection clauses in such countries.

This has a major practical impact on the international exchange of data!

Data transfers to the USA are now in breach of data protection laws if they are made exclusively on the basis of a Privacy Shield certification. This covers not only transfers to contract processors, i.e. Cloud Service Providers, but also those within a group or to business partners for whom at least part of the data processing is performed in the USA.

The use of software tools where at least part of the data processing takes place in the USA as well as the internal data flows to US Group companies have to be checked.

The European Court of Justice indicates that this is not an adequate level of protection in the USA due to the uncontrolled monitoring powers of the security authorities.

The only data that remains allowed is that which is necessary for the performance of a contract or for the implementation of pre-contractual measures with the person concerned. Communication with American customers or hotel bookings in the USA are still allowed.

Equally not directly affected is the use of US service providers if the service is provided entirely in European data centers. This is now the case with large hosting and cloud providers (e.g. Amazon Cloud) from the USA, for example, as they have server locations in Europe.

In practice, therefore, the only way forward for the time being is to use standard data protection clauses which ensure a certain degree of legal certainty. In addition, however, there is certainly still a great deal of uncertainty regarding the additional examination of the level of data protection in the country of the data recipient, which is still necessary.

It therefore remains to be seen how other data protection authorities in Germany and the EU position themselves on the question of the legally compliant use of standard contractual clauses for data transfers to the USA. A renewed attempt to establish a follow-up regulation to the Privacy Shield would be a conceivable option.

However, this agreement would have to include significant restrictions of the American security laws and an expansion of the legal protection options for EU citizens. This does not seem very promising. The USA will not change its security laws because of EU data protection concerns!

As a result, in practice, there is no choice but to await further action from the European Commission and recommendations from data protection authorities. Announcements to this effect have already been made by both the European Commission and the European Data Protection Committee (EDSA). So, unfortunately, as so often we have to wait and see…

Twitter had gone over to marking fake news and false claims in its published tweets. In doing so, Twitter wanted to make it clear that Twitter was questioning the truth of some content.

This was also done to the successful Twitterer Donald J. Trump who has more than 85.5 million followers. He directly saw this as a censorship of his expression of opinion and threatened to abolish the previous freedom from liability for illegal content on the platforms.

This action would have fatal consequences and would be a dramatic deterioration in the legal position of the Internet platforms. Because if they were actually liable for illegal content of their users themselves, a change in business models and the introduction of upload filters would lead to the fear of a significant censorship of the content.

The question if Trump is able to do this constitutionally by presidential decree is not to be discussed here.

I also found the published position of Mark Zuckerberg of Facebook on this issue extremely interesting. This becomes clear from the following statement of his: “I do not believe that Facebook and other platforms should be judges of truth!”

Jack Dorsey, CEO of Twitter, responded: “I don’t want to judge the truth, I want to enable people to form a free opinion based on facts!”

And right in the middle of all this, Donald J. Trump, who strongly believes that everything he says is true and factual.

I suppose it is worth thinking about the terms: fact, opinion and truth.

In the constitutional law of Western democracies, freedom of expression and freedom of the press are traditionally established as very high legal values.

In press law, a fundamental difference is made between opinion and fact in the form that facts are in principle accessible to objective, scientific proof. In contrast, an expression of opinion is characterized precisely by the fact that it is not verifiable, but rather is the result of an individual, intellectual, subjective process that is not subject to verification.

Fortunately, this broad definition of freedom of expression is consistently represented and protected by the Federal Constitutional Court. An evaluation of opinion in terms of content is forbidden, quite in keeping with Voltaire, the pioneer of the French Revolution and civil freedom.

Freedom of expression in the public space is exactly the right to express and say what others do not want to hear!

Legally problematic now is the definition of the concept of truth. Here we leave the justiciable constitutional right range and enter the philosophically, religiously shaped world view range.

The truth is to be classified as best as:

a verifiable fact in its most convincing form.

But if we look at it this way, then it is a verifiable fact and no longer a truth.

This means that when we speak of truth, it always contains an element of subjective confidence. For subjective belief, whether ideological or religious, is a characteristic of the definition of opinion in the constitutional sense. Strangely enough, we are dealing with a concept of truth that contains elements of fact as well as elements of the concept of opinion with its subjectivity.

This reminds me in an impressive way of a quotation from Friedrich Nietzsche, who described truth as something other – as something always also bipolar. “Pain is always a pleasure, curse always a blessing, night also a sun and a wise man also a fool[…]” (Source: So said Zarathustra p. 402)

After these realizations it remains to be stated surprisingly that one must quite agree with Donald J. Trump, when he says that everything he said is true. Nevertheless, this is only his own, individual, highly personal truth.

But if he claims facts, he cannot refuse the necessity to prove them.

Again and again we read or hear: “The ECJ has decided” or “[…] the ECJ has today in its decision strengthened the rights of consumers in the EU” or something similar.

The questions that come to mind are in such a case:

  • What legal effect does the decision have for me as a citizen of the FRG or any other member state?
  • Must all courts in the EU states now base their decisions on this verdict?
  • What function and legal effects do ECJ rulings actually have?

For this purpose, let us first consider the original competences of the ECJ:

  1. The ECJ is responsible within the EU for all findings of EU treaty violations by Member States.
    This means that the ECJ makes legally binding decisions on whether a state has violated EU treaties. For instance, in the case of the ancillary copyright law for press publishers introduced by the Federal Republic of Germany into its Copyright Act legislation.
    For example: In this case, the FRG violated EU treaty law with the consequence that these rules of the German Copyright Act legislation are invalid! (If a matter is to be regulated by an EU directive – as here – then a member state cannot simply make its own national regulation!)

  2. The ECJ is also responsible for the questions whether a state has violated the human rights of an EU citizen as laid down in the EU Human Rights Convention by its actions. Here, too, a judgment of the ECJ immediately leads to the ineffectiveness of the member state’s actions or its applied regulations!
    For example: The FRG had to change its custody regulations after the father of an illegitimate child, who paid alimony and insisted on his right of contact, filed his case at the ECJ. According to the legal situation at that time, the mother could prohibit him the right of contact in principle. The father had lost before all German courts, including the German Constitutional Court. Or the case of the law student from Vienna named Schrems, who saw his EU human rights affected by the practice at the time – based on the Safe Harbor Agreement – of exchanging personal data between the EU and the USA. In this case, the decision of the ECJ led to the immediate invalidity of the Safe Harbor Agreement and therefore to the immediate illegality of the entire exchange of data between the USA and Europe.

But what happens now in cases where national supreme courts, such as the Federal Supreme Courts, appeal to the ECJ?

This only happens in cases where the decision of the national court has to be based on the interpretation of a standard which has originated in an EU directive. Here there is a declared political will to ensure uniform legal practice in Europe in the interpretation of EU directives. How does this happen now? Well, if the national court has to decide a case involving a corresponding standard, it makes a so-called referral order to the ECJ with questions on the interpretation of the standard.

This court examines the questions presented in the light of expert opinions and answers them in the form of a decision.

This is now the decision of the ECJ, of which we read in the media!

This decision goes back to the national court, which now has two options:

  • It agrees with the opinion of the ECJ and decides its case on the basis of this interpretation.

Or

  • It does not agree with the interpretation and decides otherwise.

The result is that the ECJ, as the highest instance at the EU level, is not legally binding in relation to the national courts.

The autonomy of the national courts is not affected, so that this also applies here: Only in the constellations mentioned in 1. and 2. does the ECJ have binding effects and powers in relation to the Member States and their citizens. In all other legal matters, the national autonomy and independence of the courts remains.

New Year- New Semicolon – New Knowledge!

On 23.02.2021 it’s that time again. In cooperation with Mr. Martin Boßlet (independent consultant with focus on security, web and enterprise applications, lecturer for cryptography as well as programming languages and for various topics in the field of web development), I will give a lecture at Semicolon on the following hot topic:

Cybersecurity:

an ever-growing challenge for companies
of any industry and size

Semicolon offers free monthly live webinars for executives as a meeting place for IT specialists who make decisions and bear responsibility.

After our presentation, Mr. Boßlet and I will of course be available to answer your questions in the Zoom meeting room. There you can also exchange ideas with the other participants. The event is free of charge and free of advertising!

I look forward to meeting you, and if you don’t have time to spare, you are welcome to watch the presentation as usual here.

In my seminars on copyright law I have come across this question again and again in the recent months. The occasion was the discussion about the new EU Copyright Directive, which was decided on in the summer of 2019 with a lot of excitement in public.

Keywords were upload filters and direct liability of platform operators for copyright violations by their users.

The main focus of the directive is the Europe-wide introduction of ancillary copyright for press publishers and the establishment of direct liability of the platform operators. Both are already applicable law in the FRG.

But what legal binding effect does an EU directive have?

It is important to know that an EU directive comes into being in the so-called TRILOG procedure at EU level, i.e. with the participation of the three institutions of the EU:

  1. The EU Council, i.e. the assembly of the heads of governments of the EU Member States. This also convenes at ministerial level. The EU Council is the political leadership of the EU and the principle of unanimity applies. This is also the reason why the EU cannot take any political decisions currently, because in almost no political question can unanimity be reached.
  2. The EU Parliament, which is larger than any national parliament and directly elected.
  3. The EU Commission as the administrative arm of the EU, which is basically responsible for ensuring uniform economic conditions in the EU and has been given extensive powers in this regard.

So how does the TRILOG procedure typically work?

The EU Council decides that in one area, e.g. data retention, it makes sense to install a uniform Europe-wide regulation. The Council then instructs the EU Commission to prepare a corresponding directive.

The EU Commission then develops the proposal for an EU directive with the participation and consultation of the associations and lobbyists concerned and then submits it to the EU Parliament for the first vote.

In the EU Parliament, this blueprint is then supplemented, amended and expanded and, after the conclusion of the parliamentary discussion, is put to the first vote.

This version is then submitted to the EU Council for final examination. The Council can make deletions and amendments and must then vote again.

The version modified in this way is then put back to the EU Parliament for the 2nd vote. The EU Parliament must then vote, without being able to change the content of the directive in any way.

If this vote is positive, then the final EU directive is finally there!

What does that mean for us now?

According to the EU Agreements, this directive is now not directly applicable in the Member States as binding law, but merely triggers the obligation of the Member States to incorporate this directive into their respective national law.

This means that each state must now start its national legislative procedure and incorporate the directive into its national law, e.g. the Copyright Act. Unfortunately, there is no guarantee that this will actually be implemented! The EU can only impose penalties if a state does not implement the directive within a period of 3 – 5 years.

No EU head of state risks political problems “at home” just to implement an EU directive. It should not surprise us that especially the FRG does not implement all EU directives into national law!

So, as a result, you have to state that an EU directive will never be directly legally binding for a citizen of a member state!

ODSC East 2020 online conference
from 13.04.2020 to 17.04.2020 in Boston, MA, USA

ODSC East 2020 is one of the world’s largest conferences for AI data science. This year it was successfully converted from a face-to-face conference to a digital conference at short notice due to the worldwide Corona Pandemic.

Speakers include some of the key contributors to many open source tools, libraries and languages. At ODSC East 2020, the latest AI and data science topics, tools and languages were explained and discussed by some of the greatest and smartest minds in the field. It is the conference to engage, build, evolve and learn from the entire data science community.

In this context, I had the privilege to be a speaker in cooperation with Dr. Volker Hadamschek (BASF Digital Farming GmbH) at this conference with the title: GDPR in Action- Does It Work?

We wanted to show that implementing these requirements for doing business in Europe has proven to be much easier than expected. To this end, we gave an insight into real life, accompanied by legal expertise on how the GDPR requirements were implemented in the digital farming sector at BASF. Dr. Volker Hadamschek is data protection officer at BASF Group, which is the world’s largest chemical company.

The main focus was on the following key issues:

  • How does the GDPR implement data protection requirements?
  • What is the risk if I do not ensure compliance with the GDPR?
  • How do I efficiently implement the GDPR requirements?
  • Why are Mark Zuckerberg and Tim Cook promoting GDPR as a blueprint for US data protection regulation?

In addition to the economic aspect, Geoffrey Hinton and other leading scientists have also stressed the urgent need for data processing regulations. We pointed out that GDPR provides an important piece of the puzzle to ensure that data is used for good. We also discussed the echo on GDPR in the US, Canada and Brazil, but our focus was on EU data protection rules (GDPR). The focus of the presentation was to present the practical challenges in a solution-oriented way. In this way, my contribution brought great added value to the digital audience of practitioners.

This conference was also a highlight of my career as a speaker so far. It was incredibly inspiring to see how all those people, despite many difficulties, still came together digitally to talk about future perspectives. If you are also interested in this presentation click here; then you can read it again at your leisure.

Therefore no more long-term planned events will take place this year for me.

But as soon as I have a new, exciting project, I will inform you about it here as soon as possible and I am looking forward to it and to you again.

German Congress of CIOs

The DITL is the largest specialist congress for IT decision-makers and IT managers in Germany. This year it took place from 28th – 30th October in Duesseldorf. I had the pleasure to be a speaker on the following topic:

GDPR: One year later – What has been achieved? What is still to be done?

The visitors of the congress were able to discuss the benefits and success of the GDPR with me – after I had given a detailed conclusion. The GDPR is now a year old and caused much uncertainty.

In this context, I also provided hints on how to act legally.

Here you can find the presentation of my lecture.

At this year’s SETI 4.0 I was asked to examine and question the EU-GDPR once again. So I was a speaker with the following topic at this online conference:

1 year of GDPR – an intermediate report for Moscow

If you prefer to read this presentation, you can find it here.

Who Cares About Data Privacy?

Click on the following link to find my publication, which I wrote together with Mr. Hadamschek from BASF for the independent ODSC blog.

Here you can find the publication.

Disclaimer: All of the following Statements are based on the German Law.

Over and over again you can see in job advertisements or during the preparation for a job interview that the company advertising the job points out that they unfortunately cannot cover the costs for the job interview. This raises the question: How do I as an applicant deal with this situation? There is hardly any other legal question on which the German courts are as unanimous as on this question.

According to § 670 BGB the inviting company has to cover the costs!

Why?

Well, of course § 670 BGB does not say anything directly about the costs of introduction but § 670 BGB says:

If, for the purpose of executing an order for the principal, which is solely in the interest of the principal and the agent hasn’t been explicitly ordered to do so, the agent incurs expenses which he may consider necessary under the circumstances, the principal is obliged to pay compensation.

This means that if someone does something for someone else, without a specific order, he must be refunded the expenses made. The only condition is that the transaction is carried out exclusively or at least predominantly in the interest of the other (the principal) and that the person carrying out the transaction has not acted only in his own interest.

Here is a typical example for § 670 BGB: Your neighbour goes to the Caribbean for diving and is also not reachable by telephone. Then a pipe burst occurs in his apartment. As a responsible neighbour you take care and hire a plumber and you also have other expenses. As you are the contractual partner of the plumber, you also have to pay him. But don’t worry: according to § 670 BGB you only have to wait until your neighbour is back from his holiday safely and then he has to give you a refund of all costs. Regardless of whether he wants to or not. These expenses are only in his interest and not in your own.

Now back to the topic. This is exactly how the courts assess the interests at a job interview. The courts are of the opinion that it is in the exclusive or at least predominant interest of the inviting company to improve its business processes with qualified employees and therefore ultimately increase its profit.
But caution: If I am informed before the journey to the interview that the costs will not be covered and I go to the interview anyway as an applicant, then this is a legally valid waiver of my claim under § 670 BGB.

PRACTICE TIP:

  1. The question of costs should never be raised by the applicant during the preparation for the interview; simply lay out the costs and drive to the interview.
  2. Only when the final refusal comes are these costs then claimed.
  3. Claims arising from § 670 BGB will only become statute-barred after 3 years. So, time enough!

Now my personal point of view: I can’t understand why companies with high staff turnover or filling simple mini-jobs are charging applicants with these costs for an interview. For companies these costs are a marginal expense. However, these costs are a heavy burden for the individual applicant who is in an economic emergency situation, as he may need a new job or want to develop further. He may have to go through several interviews and these costs always represent a much higher proportion of his available income than for the inviting company.

In November 2018 I was invited by the Institute of Linguistics, Russian Academy of Sciences and The Institute of Legislation and Comparative Law under the Government of the Russian Federation to conduct the International Scientific and Practical Conference. The theme of the conference was: “A new culture of communication in the context of digital and sociocultural globalization: law, media and national identity.”

My presentation, which I was allowed to give, was titled:

A first attempt to regain the legislative and social sovereignty of the European states vis-à-vis the international corporations that dominate the Internet.

If you would like to read this presentation, you can find it here.

Copyright- a jungle of legal traps? Not at all!

Together with lawyer Michael Lanzinger and Andreas Schwarzlmüller from Frameblending, located in Austria, I recorded an audiobook on this topic. We have taken a closer look at important subjects, questions and even myths surrounding this area of law.

Link to the audio book: https://smartesmarketing.com/urheberrecht

Cologne Conference on Security in Information Technology

At KISK (CCSIT) 2017 I was one of the speakers on this topic:

The new EU data protection basic regulation
All new? Or just old wine in new bottles?

I am happy to make the entire presentation available to you here.

Previous projects:

New Year- New Semicolon – New Knowledge!

On 23.02.2021 it’s that time again. In cooperation with Mr. Martin Boßlet (independent consultant with focus on security, web and enterprise applications, lecturer for cryptography as well as programming languages and for various topics in the field of web development)

I will give a lecture on the following hot topic at Semicolon about:

Cybersecurity:

an ever-growing challenge for companies
of any industry and size

Semicolon offers free monthly live webinars for executives as a meeting place for IT specialists who make decisions and bear responsibility.

After our presentation, Mr. Boßlet and I will of course be available to answer your questions in the Zoom meeting room. There you can also exchange ideas with the other participants. The event is free of charge and free of advertising!

I look forward meeting you and if you don’t have time to spare, you are welcome to watch the presentation as usual here.

ODSC East 2020 online conference
from 13.04.2020 to 17.04.2020 in Boston, MA, USA

ODSC East 2020 is one of the world’s largest conferences for AI data science. This year it was successfully converted from a face-to-face conference to a digital conference at short notice due to the worldwide Corona Pandemic.

Speakers include some of the key contributors to many open source tools, libraries and languages. At ODSC East 2020, the latest AI and data science topics, tools and languages were explained and discussed by some of the greatest and smartest minds in the field. It is the conference to engage, build, evolve and learn from the entire data science community.

In this context, I had the privilege to be a speaker in cooperation with Dr. Volker Hadamschek (BASF Digital Farming GmbH) at this conference with the title: GDPR in Action- Does It Work?

We wanted to show that implementing these requirements for doing business in Europe has proven to be much easier than expected. To this end, we gave an insight into real life, accompanied by legal expertise on how the GDPR requirements were implemented in the digital farming sector at BASF. Dr. Volker Hadamschek is data protection officer at BASF Group, which is the world’s largest chemical company.

The main focus was on the following key issues:

  • How does the GDPR implement data protection requirements?
  • What is the risk if I do not ensure compliance with the GDPR?
  • How do I efficiently implement the GDPR requirements?
  • Why are Mark Zuckerberg and Tim Cook promoting GDPR as a blueprint for US data protection regulation?

In addition to the economic aspect, Geoffrey Hinton and other leading scientists have also stressed the urgent need for data processing regulations. We pointed out that GDPR provides an important piece of the puzzle to ensure that data is used for good. We also discussed the echo on GDPR in the US, Canada and Brazil, but our focus was on EU data protection rules (GDPR). The focus of the presentation was to present the practical challenges in a solution-oriented way. In this way, my contribution brought great added value to the digital audience of practitioners.

This conference was also a highlight of my career as a speaker so far. It was incredibly inspiring to see how all those people, despite many difficulties, still came together digitally to talk about future perspectives. If you are also interested in this presentation click here; then you can read it again at your leisure.

German Congress of CIOs

The DITL is the largest specialist congress for IT decision-makers and IT managers in Germany. This year it took place from 28th – 30th October in Duesseldorf. I had the pleasure to be a speaker on the following topic:

GDPR: One year later – What has been achieved? What is still to be done?

The visitors of the congress were able to discuss the benefits and success of the GDPR with me – after I had given a detailed conclusion. The GDPR is now a year old and caused much uncertainty.

In this context, I also provided hints on how to act legally.

Here you can find the presentation of my lecture.

At this year’s SETI 4.0 I was asked to examine and question the EU-GDPR once again. So I was a speaker with the following topic at this online conference:

1 year of GDPR - an intermediate report for Moscow

If you prefer to read this presentation, you can find it here.

Who Cares About Data Privacy?

Click on the following link to find my publication, which I wrote together with Mr. Hadamschek from BASF for the independent ODSC blog.

Here you can find the publication.

In November 2018 I was invited by the Institute of Linguistics, Russian Academy of Sciences and The Institute of Legislation and Comparative Law under the Government of the Russian Federation to conduct the International Scientific and Practical Conference. The theme of the conference was: “A new culture of communication in the context of digital and sociocultural globalization: law, media and national identity.”

My presentation, which I was allowed to give, was titled:

A first attempt to regain the legislative and social sovereignty of the European states vis-à-vis the international corporations that dominate the Internet.

If you would like to read this presentation, you can find it here.

Copyright - a jungle of legal traps? Not at all!

Together with lawyer Michael Lanzinger and Andreas Schwarzlmüller from Frameblending, located in Austria, I recorded an audiobook on this topic. We have taken a closer look at important subjects, questions and even myths surrounding this area of law.

Link to the audio book: https://smartesmarketing.com/urheberrecht

Cologne Conference on Security in Information Technology

At KISK (CCSIT) 2017 I was one of the speakers on this topic:

The new EU data protection basic regulation
All new? Or just old wine in new bottles?

I am happy to make the entire presentation available to you here.
