Germany: New Government to Centralise Data Privacy Supervision

Germany’s new coalition plans to centralise private sector data protection under a federal authority, aiming to streamline compliance but facing constitutional and political resistance.

The Key Points: Germany’s new coalition plans to centralise private sector data protection under a single federal authority, the BfDI, moving away from the current fragmented system of state-level oversight. However, sector-specific and Länder authorities will still have roles.

Why This Matters: The reform is influenced, in part, by broader EU moves to ease GDPR burdens. The move to greater centralisation in Germany aims to simplify compliance, especially for companies operating across multiple German states, and could reduce administrative burdens. However, constitutional and political hurdles remain. There is also a 2010 CJEU decision underpinning the independence of the Länder authorities.

What Might Happen Next:  The commitment is still at the proposal stage, so the details of the reform are still await. When they are published and debated there will be some resistance from a range of sources. The process could take several years and may be influenced by broader EU moves to ease GDPR burdens.

What You Should Be Doing: This German “one-stop-shop” approach where companies would only need to interact with the BfDI echoes the promise of GDPR in its early days. It too was sold with the goal of simplifying reporting obligations and reducing legal uncertainty. But it didn't turn out that way. So, companies should monitor developments and review their data protection strategies to prepare for what actually results from this shift to a “one-stop-shop” model.