The Federal Commissioner for Data Protection and Freedom of Information (BFDI) says that data security aspects of the visible parts of messenger services should be monitored using standardized testing methods. To this end, the office has developed a list of testing criteria for messenger front ends, which is available for public consultation for three months from Thursday. Anyone can comment on the details.
The catalogue includes mandatory, recommended and optional requirements for GDPR-compliant messenger front ends (and, where applicable, their compliance with the European Electronic Communications Code, EKEK). The catalogue is primarily intended to assist data protection authorities in their work, but it can certainly help companies review and improve their offerings.
260 pages full of details
The document is detailed and more than 260 pages long. Its structure is essentially based on that of the GDPR (General Data Protection Regulation). In some cases, back-end requirements are also included, in particular because the back end cannot always be meaningfully separated from the front end. However, the focus is clearly on testing the messenger front end.
The terms MUST, SHOULD and CAN in the catalogue follow the definitions in RFC 2119. MUST criteria are required for compliance with the GDPR. This also applies to SHOULD criteria, although exceptions are possible in justified cases. The CAN criteria are sensible for good data protection design, but leaving them out does not lower the minimum requirements of the GDPR.
The catalogue was developed primarily by the French Institute of Applied Sciences in Lyon (INSA Lyon) and Professor Mathieu Cunche of the BFDI department. According to the consultation outline, the Federal Data Protection Commissioner would like to receive statements only as a PDF form sent by email before November 15, 2024. Both expert users and “civil society” are expressly invited to comment on the test catalogue.
(DS)