The draft data protection regulation of the European Commission that had leaked in early December has been widely criticised by the German Minister of the Interior and aFederal Constitutional Court judge. The points of concern were not the new and mainly stricter rules of the draft regulation, but that the European Commission chose a regulation instead of a directive.

First, Johannes Masing, one of the sixteen judges of theFederal Constitutional CourtinKarlsruhe, unmistakably warned about the new regulation in a newspaper article last Monday titled “Goodbye to fundamental rights”. Mr. Masing said that as a regulation was in fact a directly applicable law in every member state, national rights would be pushed aside. This would also be the case with regard to the fundamental rights of the Grundgesetz, the German constitution.

In Germany, data protection laws do not originate from the European Directive 95/46/EC or a simple law, but were “invented” by the Constitutional Court in a fundamental decision in the year 1983, in which the court derived personal data protection rights directly from the constitution. Therefore, all German courts apply data protection regulations also with regard to the fundamental rights guaranteed by the constitution.

As a consequence of data protection law being regulated in a regulation, national German courts could no longer decide on the interpretation of data protection law, but would need to present critical cases to the European Court of Justice (ECJ) being the only decisive authority on European law. Mr. Masing fears that this would lead to a decline of legal protection, as the ECJ was not a special human rights court and in charge of 27 member states. Furthermore, only courts and not individuals could present cases to the ECJ. Contrary, inGermany, subject to further requirements every citizen can appeal to the Federal Constitutional Courtif they feel that their basic rights are violated. 

Judge Masing’s opinion is mainly shared by the Federal Minister of the Interior, Hans-Peter Friedrich, who criticised in an interview on 15 January that a regulation would relocate further legal competences to the European Union. Despite this material criticism, both stressed that an increasingly harmonised data protection law would strengthen the internal market.

Especially Judge Masing’s reaction is interesting, as constitutional court judges are generally more reserved when it comes to direct criticism of laws, especially European laws. Rumours say that Commissioner Viviane Reding’s ambitious draft is subject to highly controversial debates between the other members of the commission and that this may have been a reason why its text leaked more than six weeks prior to its official announcement. Therefore, the draft may not even be the final version that will be presented on 25 January.  

This shows, however, that the discussion on the new regulation on data protection has just started. The regulation will be adopted, if at all, according to the ordinary legislative procedure pursuant to article 294 of the Treaty on the Functioning of the European Union. This means that both the Council of the European Union and the European Parliament have to approve the regulation in two or three readings. Normally, this procedure can take up to two and a half years – enough time for national governments and lobby groups to look for like-minded governments and politicians to push for legislative changes in the new data protection law’s form and content.