The Federal Data Protection Act (FDPA) remains effective until May 24, 2018. It regulates, inter alia, the rights of the data subject, whose informational self-determination must be ensured. The legal act requires an appropriate treatment of personal data by the controller. In its current version, it implements the European Data Protection Directive 95/46/EC dated 24 October 1995.
The term “informational self-determination” is the right of the individual to determine personally how to deal with his or her personal data. The Federal Constitutional Court raised the informational self-determination to the status of fundamental right (1). Therefore, the controller must not interfere with the rights of the data subject during the processing of personal information. The individual, according to the intention of the legislator, is to be able to determine whether and which information about him or her is to be processed and which information is to be stored by third parties. However, this is subject to the condition that processing is not permitted by law. The Federal Data Protection Act provides that the data processing of the individual details relating to the personal or factual circumstances of a particular or identifiable natural person is only permissible, if this is permitted or prescribed by the Federal Data Protection Act or other legal provisions or the data subject provided his or her respective consent, according to § 3 (I), 4 (I) FDPA.
Companies are therefore obliged to adapt their data processing procedure to legal requirements.
Federal Constitutional Court, decision dated 15.12.1983 – 1 BvR 209/83, Federal Constitutional Court 65, 1 = NJW 1984, 418