Data protection - CURRENT
LATEST NEWS in data protection law
The core competencies of the law firm kp.law&privacy result from many years of professional experience and form the focus of the consulting activities.
VIDEO-TELEFONIE (VoIP - Voice over IP) ALS VIRUS - PROFITER
Business meetings and Corona - dilemma between functionality and security
The nationwide lockdown caused by SARS-CoV-2/Covid-19 had a significant impact on private development. In addition, many companies saw their existence threatened. Liquidity bottlenecks due to a lack of income and the restructuring of entire operational processes require a reorganization of priorities in order to maintain profitability. It is understandable that issues such as data protection quickly become secondary, but this is not entirely without risk, especially in companies with many employees and customers. Finally, it is fundamentally unacceptable that informational self-determination, which is also guaranteed by the Basic Law, i.e. the right of the individual to be able to decide for themselves about the disclosure and use of their personal data (Article 1 Paragraph 1 in conjunction with Article 2 Paragraph 1 of the Basic Law), should be neglected. The contact restrictions due to the Corona pandemic continue. In order to maintain the communication necessary for ongoing business operations even in times of Corona, many companies often only have the option of holding important meetings via video conference. The use of special Internet technology (Voice over Internet Protocol -VoIP) to conduct customer or team meetings, but also training seminars or homeschooling has become an integral part of companies. Some of the advantages of digitalized communication between employees, customers or business partners from different national or international locations are only mentioned in passing: sustainability, financial savings on avoidable business trips, efficiency in every respect. Free offers for video telephony such as ZOOM, SKYPE or TEAMS are therefore becoming increasingly popular, especially in the business sector. VoIP providers recognized the demand in good time and made their offers increasingly attractive for companies, for example by increasing the number of potential participants. Functional criteria such as stable connections or simplified access criteria continue to be the top priority for potential users. The fact that these are paid offers (so-called SaaS service providers) or freeware does not necessarily provide any information about the quality of the product. Unfortunately, little attention is often paid to the fact that the hasty choice of any provider for your own company can easily put you on legal thin ice. Data protection and IT security aspects in particular are still classified as hindering business or unrealistic and are often not or inadequately taken into account in the selection process. The Corona pandemic ultimately triggered a real dilemma in many industries: pressure to act on the one hand, functionality on the other, led to data and usually also confidentiality protection falling by the wayside. Admittedly, many large and small providers in the VoIP segment offer functionality and ease of use. Despite all the consideration of economically oriented interests in particular, it is nevertheless advisable to keep in mind that in the context of a business video meeting, not only personal data (your own picture, private statements, etc.) is transmitted, but in individual cases confidential or internal company information subject to confidentiality is also exchanged. The problem is not primarily with communication with the conversation partner as such, but rather with the fact that, due to a lack of appropriate security precautions, all transmission data can be spied on. Whether and to what extent the easily accessible conversation content is used for the purposes of industrial espionage or passwords are sold on the darknet is no longer controllable by the individual company. In the worst case, this can lead to existential and economically irreparable damage. With increasing attention and increasing criticism, some providers of VoIP tools have upgraded and are working on security-oriented solutions. Whether this meets the requirements of their own company on the one hand and the provisions of the GDPR on the other hand ultimately remains a matter of individual case assessment. Anyone who does not want to be guided by uncertain security factors can also consider an on-premise solution (software hosted on their own servers). However, not all companies or other organizations responsible for data protection have the necessary resources to provide a secure in-house solution (e.g. due to a lack of their own IT infrastructure). If the resources for a technically skilled SaaS (Software as a Service) service provider are also lacking, small companies in particular primarily resort to well-known freeware. NOTE: Every company responsible for data protection is recommended to review its own technical and organizational measures and, if necessary, to create a conceptual basis for the processing activity ("video telephony"). In this context, (internal) guidelines or instructions that are long overdue or necessary can be initiated or, for example, company agreements can be negotiated. Companies and other organizations covered by the scope of the GDPR should also note that inadequate security precautions in the form of technical and organizational measures (so-called TOM according to Art. 32 GDPR), a missing or incomplete list of processing activities according to Art. 30 GDPR, a lack of information about data processing for employees or customers according to Art. 12-14 GDPR or a lack of data protection impact assessment according to Art. 35 GDPR can each constitute a violation of data protection regulations. According to Art. 82 GDPR, this may result in claims for damages or there is a risk of severe fines being imposed according to Art. 83 GDPR (up to EUR 20 million or up to 4% of the total annual turnover achieved worldwide). Source: kp.law&privacy.com Status: June 1, 2020 --- I am happy to answer any further questions you may have on the subject.
...is currently being revised.