Fundamental Work on the Information Duties of the GDPR – Background, Interpretation, Perspectives


Fundamental Work on the Information Duties of the GDPR – Background, Interpretation, Perspectives

We spoke with our author Dr. Gordian Konstantin Ebner about his dissertation “Weniger ist Mehr?” (Less is More?)

Your work critically analyzes the information requirements of the GDPR and is entitled “Weniger ist mehr?” (Less is More) To what extent is less more in this context?

“If one asks about the intention underlying the information obligations, one comes to the conclusion that the regulations – or the data protection notices resulting from them – essentially pursue very important purposes and that they are therefore not (entirely) dispensable.

At the same time, studies show that the information requirements currently do not (cannot) serve these purposes because the data protection notices based on them are inevitably too extensive and too complex in content. Likewise, it has been demonstrated that less information potentially leads to “more” informedness.

This is ultimately – albeit somewhat simplified – the answer to the title question: information requirements are not entirely dispensable. But less and conceptually better information is “more” than extensive information because it is much more effective in conveying its immanent message. This realization, of course, applies especially to the privacy notices we encounter every day.”

Who should definitely read your book?

“The book is essentially aimed at three groups: Because of its middle section, which addresses all current issues relating to Articles 12-14 of the GDPR and Sections 32 and 33 of the BDSG in a practice-oriented manner in the style of a major commentary, it is aimed in particular at practitioners in IT law firms, IT consulting companies, and data protection officers in all companies.

In addition, it serves as an evaluation of the current design of the information requirements and their exceptions for regulators at European and national level. At the same time, it illustrates what could be important in a hypothetical amendment of the relevant standards and thus serves as an orientation aid on the way to a new regulation of Art. 12 et seq. GDPR.

As a scientific treatise, the work is of course also addressed to legal scholars and students who deal in depth with issues in the context of (data protection law) information obligations.”

You also point out perspectives. Can you briefly elaborate on these?

“At its core, the work aims at a re-regulation of Art. 12-15 DS-GVO. Supported by the findings of behavioral economics as well as with a view to the information obligations of other data protection legal systems, this should be approached in three ways:

First, the concept of information provision should change fundamentally. One way of doing this would be to make greater use (possibly mandatory) of pictorial symbols or so-called PIMS.

Secondly, the standards should also be optimized structurally to facilitate the application of the law in practice: for example, the division of information into two paragraphs should be abandoned and a sequence of information should be defined.

Third, some of the existing information should be deleted without replacement and replaced by new information in individual cases. It would be worth considering, for example, information on the transfer of data in return for payment. These and other suggestions are discussed comprehensively in the final chapter of the thesis.”