Spring Conference of the European Privacy Commissioners 2002 in Bonn

Privacy Protection Audit/Seal of Quality - Practical Experience

Dr. Helmut Bäumler

Independent Centre for Privacy Protection

Schleswig-Holstein, Germany

Reasons for the Establishment of the Privacy Protection Audit

Shortcomings of the previous Privacy Protection System

One-sided focus on legal aspects

Too much geared towards Rules and Prohibitions

Lack of incentive for good Privacy Protection Concepts

Customers and Citizens not sufficiently involved

Reasons for the Establishment of the Privacy Protection Audit

Privacy Protection arrives in the free economy

Influence on the technical Design

Increased Possibility for Control

Privacy Protection as a winning Model

Legal Situation in Germany

Federal Data Protection Act

Member States' Privacy Protection Acts

Privacy Protection Act of Schleswig-Holstein

Privacy Protection Audit

IT Seal of Quality

Privacy Protection Audit in Schleswig-Holstein

Legal Situation

Rules

How to execute the Audit

Subject of the Audit

Public Authorities

Parts of Public Authorities

Administrative Proceedings

Privacy Protection Audit in Schleswig-Holstein

On a voluntary Basis

Increasing Personal Responsibility

Using the Audit as an Image and Commercial Factor

Procedure of the Privacy Protection Audit in Schleswig-Holstein

Examining the current Privacy Protection Situation

Determination of Privacy Protection Aims

Establishment of a Privacy Protection Management System

Appraisal by the Independent Centre for Privacy Protection

Procedure of the Privacy Protection Audit in Schleswig-Holstein

Awarding of the Audit Seal

First Experience

IT Seal of Quality in Schleswig-Holstein

Legal Regulation: § 4 par. 2 Priv.Prot.Act

Further Steps

July 01, 2000: Enactment of the Priv.Prot.Act

April 04, 2001: Quality Seal Decree by the State Government

Nov 05, 2001: Beginning of the Expert Accreditation Procedure

Feb 01, 2002: Publication of the Product Criteria

Feb 01, 2002: Accreditation of the first Experts

Course of the Quality Seal Procedure in Schleswig-Holstein

Product to be certified

Conclusion of an Expert Agreement

Examination and Evaluation of the Product by the Expert

Expert Opinion

The Independent Centre for Privacy Protection checks the Expert Opinion for conclusiveness and understandability

Awarding of the Mark of Quality

Experts in the Schleswig-Holstein Seal of Quality Procedure

Competence and Expert Knowledge

Independence

Reliability

List of Experts:

http://www.datenschutzzentrum.de/guetesiegel/

Criteria for the Schleswig-Holstein Seal of Quality

No violation of Privacy Protection Laws

Support of Privacy Protection and Data Security Aims by Means of technical Design

Possible organisational Backup Measures are described in an understandable Way and can be put into Action with appropriate Effort

Easily understandable Documentation

Altogether adequate to the User

Special Criteria for the Schleswig-Holstein Seal of Quality

Data Avoidance/Data Austerity

Guarantee for Data Security and Ability to Revision

Guarantee for the Rights of the involved citizen

The Schleswig-Holstein Seal of Quality Procedure

Supported by the EU

Results Influence the Federal Legislation

International Congress 2003 in Kiel

The Independent Centre for Privacy Protection

Where? Holstenstraße 98, 24103 Kiel

Telephone? 0431/988-1200

Telefax? 0431/988-1223

E-Mail? [email protected]

www.datenschutzzentrum.de