Data protection madness: when theory and practice collide

Data protection madness: when theory and practice collide

I normally write very neutral, factual articles in my blog on various topics relating to IT law, company law, media law and contract law. But today I just have to let off steam and publish this column-like blog post. As an IT lawyer who deals with data protection law on a daily basis, excessive data protection concepts sometimes drive me crazy.

I’m constantly annoyed by the same old cookie banners, the pointlessly bloated privacy policies that nobody reads anyway, and many other things that make work (even if I earn money from them) but ultimately don’t add any real value to data protection. Sometimes I wonder whether we haven’t lost our way in a data protection labyrinth where we can no longer see the wood for the trees.

Don’t get me wrong: data protection is important and the GDPR has improved many things. But sometimes we simply overshoot the mark. Instead of getting lost in theoretical worst-case scenarios, we should proceed pragmatically and with a sense of proportion. Cookie banners just annoy users, nobody reads long privacy policies anyway and the fear of the cloud is often irrational.

The irony of data protection advocates

Time and again, I come across pushy data protection advocates who complain on Facebook, LinkedIn or other social networks about a lack of data protection awareness – and overlook the irony. These people seriously believe that with a SaaS service – no matter how strict the terms and conditions are – someone could theoretically access the data. At the same time, however, they send e-mails or letters by post, which of course – in theory – nobody COULD read. The same applies to hosting services on secure AWS or Azure instances. Supposedly, you should then use your own server, which you can of course secure much better against hackers or the NSA than any cloud solution. Who can believe it!

It’s amazing how some people willfully ignore the data protection risks associated with the services they use themselves, while swinging the data protection club at others. They often forget that their own data is also stored and processed somewhere – be it with their email provider, their mobile phone provider or in social networks.

Data protection with a sense of proportion

My appeal: Let’s stop outbidding each other with absurd data protection demands. Let’s concentrate instead on strengthening the rights of those affected, without imposing restrictions on companies and users. Transparency, clear rules and a pinch of common sense will get us further than scaremongering and fantasies of bans.

Data protection is not an end in itself, but should protect people’s privacy. If we lose sight of this, we will end up in a data protection maze in which no one will be able to find their way around. I therefore advocate a pragmatic, solution-oriented approach that takes into account the interests of all parties involved. This is the only way we can really advance data protection – without getting lost in theoretical discussions.

Outlook: Data protection trends 2024

Even if some excesses of data protection are annoying, the overall trend is clearly moving towards more data protection and privacy. This is also shown by the data protection trends for 2024:

• Artificial intelligence and data protection will collide more frequently. This is because AI systems need huge amounts of data for training – including personal data. A balance must be struck here between innovation and privacy.
• Data protection is moving into the focus of investors and supervisory authorities. Companies must prove that they adequately protect the data of their customers and employees. Otherwise there is a risk of hefty penalties and damage to the company’s image.
• Enforcement of data protection laws is increasing. Although progress is slow, the authorities in the USA and Europe are increasingly imposing fines on data protection offenders. Consumer complaints are also on the rise.
• Companies are expanding their data protection departments. From start-ups to large corporations – everyone employs data protection officers and trains their employees in handling personal data. Data protection experts are more in demand than ever.
• Data protection becomes a competitive advantage. More and more consumers are paying attention to how companies handle their data. If you are transparent and respect privacy, you can score points with customers.

Conclusion: Data protection is here to stay – for better or for worse. It is important that we maintain a balance between the protection of privacy and other legitimate interests. With a sense of proportion, expertise and a healthy dose of pragmatism, we will also master the challenges of the future. With this in mind: Keep calm and protect data – but with brains and heart, please!

Author: Marian Härtel

Marian Härtel ist Rechtsanwalt und Fachanwalt für IT-Recht mit einer über 25-jährigen Erfahrung als Unternehmer und Berater in den Bereichen Games, E-Sport, Blockchain, SaaS und Künstliche Intelligenz. Seine Beratungsschwerpunkte umfassen neben dem IT-Recht insbesondere das Urheberrecht, Medienrecht sowie Wettbewerbsrecht. Er betreut schwerpunktmäßig Start-ups, Agenturen und Influencer, die er in strategischen Fragen, komplexen Vertragsangelegenheiten sowie bei Investitionsprojekten begleitet. Dabei zeichnet sich seine Beratung durch einen interdisziplinären Ansatz aus, der juristische Expertise und langjährige unternehmerische Erfahrung miteinander verbindet. Ziel seiner Tätigkeit ist stets, Mandanten praxisorientierte Lösungen anzubieten und rechtlich fundierte Unterstützung bei der Umsetzung innovativer Geschäftsmodelle zu gewährleisten.