Germany: Adopted BfDI Data Protection and Telecommunications Report

On 20 June 2023, the Data Protection Authority issued a report on technical and legal issues that are faced within the telecommunication industry. Initially, the report outlines the legal foundations upon which these data protection standards are based, such as the Constitution, the General Data Protection Regulation (GDPR), the Telecommunications Act, and the Telecommunications and Telemedia Data Protection Act. The report then outlines the obligations of data processors, Telemedia providers, and device providers. The handling of different data types is specified, including the collection, retention, processing, and deletion of subscriber data, traffic data, and tax data. The report also outlines its complaint procedure for users and their rights regarding the processing of their data (access, consent, deletion). Technical security measures to be undertaken by telecommunication providers are explained, as well as the clear reporting process to supervisory authorities. Finally, the report addresses practical questions related to topics such as itemised billing, email services, fixed-line telephony, and voice-over IP.