A Study on Corporate Compliance with Transparency Requirements of Data Protection Law

Part of the Law, Governance and Technology Series book series (LGTS, volume 36)


Modern information systems reach a degree of complexity which is inscrutable for citizens. The transparency regulations of data protection law try to counteract this. However, it is unknown how effective these regulations are. To our knowledge, there is no convincing study on the state of corporate compliance with transparency regulations available. We set up a quantitative and qualitative study with a sample of 612 representative companies. We evaluated the transfer of personal data, the compliance with transparency requirements on commercial e-mails, and the compliance with requirements derived from the right of access. In the process, we took advantage of automated analysis with e-mail honeypots but used also individual assessments of information provided by companies. We found out that most companies do not transfer personal data without consent. Requirements on commercial e-mails are fulfilled as well. However, the situation of the right of access is much worse. Most information provided by companies is insufficient.


Compliance Transparency Right of access Data protection Privacy 


  1. Article 29 Data Protection Working Party. Opinion 4/2007 on the concept of personal data. 01248/07/EN WP 136, 2007.Google Scholar
  2. Bauer, Silvia. “Datenschutzrechtliche Compliance im Unternehmen.” In Compliance in der Unternehmerpraxis, edited by Gregor Wecker and Bastian Ohl,147–179. Wiesbaden: Springer Fachmedien, 2013.Google Scholar
  3. Behling, Thorsten, and Ralf Abel, eds. Praxishandbuch Datenschutz im Unternehmen. Berlin: Walter de Gruyter, 2014.Google Scholar
  4. Bringer, Matthew L., Christopher A. Chelmecki, and Hiroshi Fujinoki. “A Survey: Recent Advances and Future Trends in Honeypot Research.” In: Int. Journal of Computer Network and Information Security, 63–75, MECS Publisher, vol. 10, 2012.Google Scholar
  5. Dix, Alexander. Datenschutz und Informationsfreiheit – Bericht 2014. Berlin: Berliner Beauftragter für Datenschutz und Informationsfreiheit, 2014.Google Scholar
  6. Gola, Peter, Rudolf Schomerus, Barbara Körffer and Christoph Klug, eds. BDSG Bundesdatenschutzgesetz: Kommentar. München: C.H. Beck, 2012.Google Scholar
  7. Kreissl, Reinhard, Clive Norris, Xavier L’Hoiry, and Nils Zurawski. IRISS Deliverable D5: Exercising democratic rights under surveillance regimes – Germany Country Reports, 2014. Accessed March 23, 2016. Scholar
  8. Mairh, Abhishek, Debabrat Barik, Kanchan Verma, and Debasish Jena. “Honeypot in Network Security: A Survey.” In Proceedings of the 2011 Inter-national Conference on Communication, Computing & Security ICCCS ‘11, 600–605. New York, NY, USA: ACM, 2011.Google Scholar
  9. Ronellenfitsch, Michael. 41. Tätigkeitsbericht des Hessischen Datenschutzbeauftragten. Wiesbaden: Beiträge zum Datenschutz, 2012.Google Scholar
  10. Schulzki-Haddouti, Christian. “Zu kurz gekommen - Deutsche Datenschutzbehörden leiden unter Personalknappheit.” c’t Magazin 17 (2015): 76–78.Google Scholar
  11. Simitis, Spiros, ed. Bundesdatenschutzsgesetz. Baden-Baden: Nomos, 2011.Google Scholar
  12. Statistisches Bundesamt. “Klassifikation der Wirtschaftszweige, (WZ 2008).” Accessed March 23, 2016.
  13. United Nations Statistical Division “International Standard Industrial Classification of All Economic Activities (ISIC) Rev.4.” Accessed March 23, 2016.
  14. Wagner, Edgar. Datenschutzbericht 2012/2013 des Landesbeauftragten für den Datenschutz Rheinland-Pfalz. RP LT-Drs. 16/3569, 2014.Google Scholar
  15. Weichert, Thilo. Tätigkeitsbericht 2015–35. Tätigkeitsbericht des Landesbeauftragten für den Datenschutz Schleswig-Holstein. SH LT-Drs. 18/2730, 2015.Google Scholar
  16. XAMIT Bewertungsgesellschaft. Datenschutzbarometer 2015 – Datenschutz vor neuen Aufgaben. 2015. Accessed March 23, 2016. Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. 1.Fraunhofer Institute of Optronics, System Technologies and Image Exploitation IOSBKarlsruheGermany

Personalised recommendations