On January 26, 2012, the German Data Protection Commissioners (“DPAs”) of the federal states Rhineland-Palatinate and Hesse held a joint press conference to present their views on the European Commission’s legislative proposal for a comprehensive reform of current EU data protection rules. The day before, the European Commission proposed replacing the existing EU Data Protection Directive 95/46/EC with a Regulation that would be directly applicable in all European Member States and therefore not require implementing legislation on the national level.
The two German Data Protection Commissioners indicated that they generally welcome the Commission’s goal of harmonizing and modernizing data protection in Europe, in particular with regard to online services, cross-border data transfers, and the application of EU law to data controllers that are established outside the European Union. According to the Commissioners, however, the Member States should maintain their authority with respect to other issues. For example, the DPAs believe that an over-arching Regulation would make it more difficult for German data subjects to exercise their constitutional rights before the German Federal Constitutional Court. The DPAs also criticized the idea of making the European Commission the ultimate supervisory authority with respect to data protection. They stated that the proposal was “unacceptable” given that the Commissioners are not elected democratically, but rather are nominated by their respective Member States then confirmed by the European Parliament.