The Federal Data Protection Commissioner is warning that her data protection supervision of secret services will be withdrawn. “I learned from various conversations that the upcoming reform of the intelligence law provides for a comprehensive transfer of data protection supervision to the Federal Intelligence Service (BND), the Federal Office for the Protection of the Constitution (BfV) and the Military Counterintelligence Service.” (MAD) to the Independent Control Council (UKRAT), writes data protection officer Luisa Specht-Riemenschneider in a fiery letter to the federal government.
Advertisement
“An independent data protection control will be lost,” warns Specht-Riemschneider. “A position is independent only when it is institutionally independent.” This is not the case with the administrative control body of the UK Council, to which this task is to be entrusted. It is bound by directives and therefore “not institutionally independent”.
As a belated response to the Snowden revelations, among other things, the federal government established the UK Council in 2022. He is currently responsible for the BND and checks advance orders from the top of the foreign secret service for individual and mass surveillance measures. A preliminary report from the Bundestag supervisory committee responsible for this last year showed that the UK Council accepted almost all monitoring requests. According to Specht-Riemschneider, consideration is now being given to handing over overall data protection supervision within the federal government not only to the BND, but also to two other federal secret services.
Legal uncertainty and lack of transparency
Data protection officers don’t think so. She warns that transferring functions to UK councils “leads to legal uncertainty and a lack of transparency for both those affected and the controlling bodies.” The letter has now been published byThe transfer would “significantly impair uniform, comprehensive and independent data protection supervision” and therefore “would not meet constitutional requirements”.
With the project under discussion, “reviewing the data protection legality of serious encroachments on fundamental rights will be quite difficult and in some cases even impossible,” Specht-Riemschneider emphasizes. His current responsibility for the entire security sector means that he has an overall overview of all related offices, including security services and law enforcement officers. Until now, she has been able to see and control all their data processing. This enables it to control “exclusively the transfer of personal data between these authorities, i.e. at the level of sender and recipient”. This ability will be lost.
read this also
different responsibilities
According to Specht-Riemschneider, the change in responsibility also carries the risk that the same or similar IT systems, such as counter-terrorism or right-wing extremism files, “will be assessed differently by two different control bodies.” Finally, efficiency considerations also speak against a moratorium. The human resources required in UKRAT, at least for the BFV and MAD, “will have to be prepared at first in a cost and time-consuming manner”.
(No)
