Privacy & Cybersecurity Law Blog

On February 8, 2011, the German Federal Commissioner for Data Protection and Freedom of Information issued a concept paper setting forth concrete suggestions for the creation of a Data Protection Foundation (the “Foundation”). The German government has reserved a budget of €10 million to establish the Foundation, which it plans to do in 2011.

The Foundation is intended to function in a manner similar to the German consumer protection organization (Stiftung Warentest) that evaluates and compares products and services for German consumers. Among its tasks, the Foundation will (1) test products and services for data protection compliance, (2) educate citizens to help improve “self” data protection, (3) conduct research activities, and (4) establish a data protection seal.

According to the paper, the Foundation’s management and finances should be independent to help avoid conflicts of interest, but for purposes of efficiency the Foundation would work closely with the data protection authorities (DPAs) to carry out responsibilities relating to the DPAs’ work. For example, the Commissioner anticipates that companies would use the Foundation’s certifications and positive test results when presenting their products and services to the DPAs. The paper further states that the DPAs should support the Foundation by contributing their auditing experience to the process of developing solid and practical parameters for certification procedures and quality seals, and should cooperate with the Foundation to facilitate the design and implementation of informational materials, training courses, lectures, and other educational efforts.