Abstract
Modern information systems reach a degree of complexity that is inscrutable to citizens. The transparency regulations of data protection law try to counteract this. However, it is unknown how effective these regulations are. To our knowledge, no convincing study on the state of corporate compliance with transparency regulations is available. We set up a quantitative and qualitative study with a sample of 612 representative companies. We evaluated the transfer of personal data, the compliance with transparency requirements on commercial e-mails, and the compliance with requirements derived from the right of access. In the process, we took advantage of automated analysis with e-mail honeypots but also used individual assessments of information provided by companies. We found that most companies do not transfer personal data without consent. Requirements on commercial e-mails are fulfilled as well. However, the situation regarding the right of access is much worse. Most information provided by companies is insufficient.
Notes
1. Christian Schulzki-Haddouti, “Zu kurz gekommen - Deutsche Datenschutzbehörden leiden unter Personalknappheit.” c’t Magazin 17 (2015), 76.
2. Michael Ronellenfitsch, 41. Tätigkeitsbericht des Hessischen Datenschutzbeauftragten, (Wiesbaden: Beiträge zum Datenschutz, 2012), 184.
3. Ronellenfitsch, 41. Tätigkeitsbericht des Hessischen Datenschutzbeauftragten, 186.
4. Edgar Wagner, Datenschutzbericht 2012/2013 des Landesbeauftragten für den Datenschutz Rheinland-Pfalz, RP LT-Drs. 16/3569 (2014), 98.
5. Alexander Dix, Datenschutz und Informationsfreiheit – Bericht 2014, (Berlin: Berliner Beauftragter für Datenschutz und Informationsfreiheit, 2014), 129.
6. Reinhard Kreissl et al., IRISS Deliverable D5: Exercising democratic rights under surveillance regimes – Germany Country Reports. (2014), accessed March 23, 2016, http://irissproject.eu/wp-content/uploads/2014/06/Germany-Composite-Reports-Final1.pdf.
7. XAMIT Bewertungsgesellschaft. Datenschutzbarometer 2015 – Datenschutz vor neuen Aufgaben, (2015), accessed March 23, 2016, http://www.xamit-leistungen.de/downloads/Files.php?f=XamitDatenschutzbarometer2015.pdf
8. Bauer, Silvia. “Datenschutzrechtliche Compliance im Unternehmen,” in Compliance in der Unternehmerpraxis, ed. Gregor Wecker and Bastian Ohl, (Wiesbaden: Springer Fachmedien, 2013), 147–179.
9. Thorsten Behling and Ralf Abel, ed., Praxishandbuch Datenschutz im Unternehmen, (Berlin: Walter de Gruyter, 2014).
10. Thilo Weichert, Tätigkeitsbericht 2015 – 35. Tätigkeitsbericht des Landesbeauftragten für den Datenschutz Schleswig-Holstein, SH LT-Drs. 18/2730, (2015).
11. Matthew L. Bringer, Christopher A. Chelmecki, and Hiroshi Fujinoki, “A Survey: Recent Advances and Future Trends in Honeypot Research,” in Int. Journal of Computer Network and Information Security 10 (MECS Publisher, 2012), 63–75.
12. Abhishek Mairh et al., “Honeypot in Network Security: A Survey,” in Proc. of the 2011 Int. Conf. on Communication, Computing & Security ICCCS ‘11, (New York: ACM, 2011), 600–605.
13. “Klassifikation der Wirtschaftszweige, (WZ 2008),” Statistisches Bundesamt, accessed March 23, 2016, https://www.klassifikationsserver.de/klassService/index.jsp?variant=wz2008
14. “International Standard Industrial Classification of All Economic Activities (ISIC) Rev.4,” United Nations Statistical Division, accessed March 23, 2016, http://unstats.un.org/unsd/cr/registry/isic-4.asp
15. “Unternehmen mit einer Website nach Beschäftigtengrößenklassen und Wirtschaftszweigen,” Statistisches Bundesamt, accessed March 23, 2016, https://tinyurl.com/destatis-Unternehmen-Internet
16. “Bundesanzeiger”, accessed March 23, 2016, http://www.bundesanzeiger.de
17. The selected groups are the ones with WZ 2008 code 11.0, 18.2, 45.1, 47.9, 55.1, 56.1, 58.1, 58.2, 59.1, 63.1, 63.9, 79.1, 86.9, 90.0, 92.0, 93.1, and 96.0.
18. Peter Gola et al., BDSG Bundesdatenschutzgesetz: Kommentar, (München: C.H. Beck, 2012), § 34 Ref. 5.
19. ECHR, 03.04.2007 - 62617/00.
20. ECHR, 02.09.2010 - 35623/05.
21. CJEU, 09.11.2010 - Joined Cases C-92/09 and C-93/09.
22. CJEU, 07.05.2009 - C-553/07.
23. BVerfGE 100, 313 (361).
24. BVerfGE 65, 1 (43); BVerfG, NVwZ 2001, 185 (185); BVerfG, NJW 2006, 1116 (1117); BVerfG, NJW 2008, 2099 (2100).
25. BVerfGE 65, 1 (45).
26. Article 29 Data Protection Working Party, Opinion 4/2007 on the concept of personal data, 01248/07/EN WP 136, (2007), 11 ff.
27. HessVGH, RDV 1991, 187 (188); Alexander Dix in: Spiros Simitis, Bundesdatenschutzgesetz, (Baden-Baden: Nomos 2011), § 34 Ref. 17; Gola, BDSG, § 34 Ref. 9; Mallmann in: Simitis, Bundesdatenschutzgesetz, § 19 Ref. 21.
28. Dammann in: Simitis, Bundesdatenschutzgesetz, § 2 Ref. 15.
29. Gola, BDSG, § 34 Ref. 2.
30. Dix in Simitis, Bundesdatenschutzgesetz: § 34 Ref. 23; Gola, BDSG, § 19 Ref. 6.
31. See Art. 6 (1) (b) and (c) of the directive 95/46/EC.
32. Such as Sect. 4 (1a) Irish Data Protection Act, 1988: Not more than 40 days after compliance.
33. Gola, BDSG, § 34 Ref. 16.
34. CJEU, 07.05.2009 - C-553/07.
35. Ibid.
References
Article 29 Data Protection Working Party. Opinion 4/2007 on the concept of personal data. 01248/07/EN WP 136, 2007.
Bauer, Silvia. “Datenschutzrechtliche Compliance im Unternehmen.” In Compliance in der Unternehmerpraxis, edited by Gregor Wecker and Bastian Ohl, 147–179. Wiesbaden: Springer Fachmedien, 2013.
Behling, Thorsten, and Ralf Abel, eds. Praxishandbuch Datenschutz im Unternehmen. Berlin: Walter de Gruyter, 2014.
Bringer, Matthew L., Christopher A. Chelmecki, and Hiroshi Fujinoki. “A Survey: Recent Advances and Future Trends in Honeypot Research.” In: Int. Journal of Computer Network and Information Security, 63–75, MECS Publisher, vol. 10, 2012.
Dix, Alexander. Datenschutz und Informationsfreiheit – Bericht 2014. Berlin: Berliner Beauftragter für Datenschutz und Informationsfreiheit, 2014.
Gola, Peter, Rudolf Schomerus, Barbara Körffer and Christoph Klug, eds. BDSG Bundesdatenschutzgesetz: Kommentar. München: C.H. Beck, 2012.
Kreissl, Reinhard, Clive Norris, Xavier L’Hoiry, and Nils Zurawski. IRISS Deliverable D5: Exercising democratic rights under surveillance regimes – Germany Country Reports, 2014. Accessed March 23, 2016. http://irissproject.eu/wp-content/uploads/2014/06/Germany-Composite-Reports-Final1.pdf.
Mairh, Abhishek, Debabrat Barik, Kanchan Verma, and Debasish Jena. “Honeypot in Network Security: A Survey.” In Proceedings of the 2011 International Conference on Communication, Computing & Security ICCCS ‘11, 600–605. New York, NY, USA: ACM, 2011.
Ronellenfitsch, Michael. 41. Tätigkeitsbericht des Hessischen Datenschutzbeauftragten. Wiesbaden: Beiträge zum Datenschutz, 2012.
Schulzki-Haddouti, Christian. “Zu kurz gekommen - Deutsche Datenschutzbehörden leiden unter Personalknappheit.” c’t Magazin 17 (2015): 76–78.
Simitis, Spiros, ed. Bundesdatenschutzgesetz. Baden-Baden: Nomos, 2011.
Statistisches Bundesamt. “Klassifikation der Wirtschaftszweige, (WZ 2008).” Accessed March 23, 2016. https://www.klassifikationsserver.de/klassService/index.jsp?variant=wz2008.
United Nations Statistical Division. “International Standard Industrial Classification of All Economic Activities (ISIC) Rev.4.” Accessed March 23, 2016. http://unstats.un.org/unsd/cr/registry/isic-4.asp.
Wagner, Edgar. Datenschutzbericht 2012/2013 des Landesbeauftragten für den Datenschutz Rheinland-Pfalz. RP LT-Drs. 16/3569, 2014.
Weichert, Thilo. Tätigkeitsbericht 2015 – 35. Tätigkeitsbericht des Landesbeauftragten für den Datenschutz Schleswig-Holstein. SH LT-Drs. 18/2730, 2015.
XAMIT Bewertungsgesellschaft. Datenschutzbarometer 2015 – Datenschutz vor neuen Aufgaben. 2015. Accessed March 23, 2016. http://www.xamit-leistungen.de/downloads/Files.php?f=XamitDatenschutzbarometer2015.pdf.
Copyright information
© 2017 Springer International Publishing AG
About this chapter
Cite this chapter
Bier, C., Kömpf, S., Beyerer, J. (2017). A Study on Corporate Compliance with Transparency Requirements of Data Protection Law. In: Leenes, R., van Brakel, R., Gutwirth, S., De Hert, P. (eds) Data Protection and Privacy: (In)visibilities and Infrastructures. Law, Governance and Technology Series, vol 36. Springer, Cham. https://doi.org/10.1007/978-3-319-50796-5_10
DOI: https://doi.org/10.1007/978-3-319-50796-5_10
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-56177-6
Online ISBN: 978-3-319-50796-5
eBook Packages: Law and Criminology (R0)