The basis of data security is the right to informational self-determination which grants every individual control over the collection, storage, use, and disclosure of any personal data stored about him or her.
"To this extent, the fundamental right guarantees the individual's general authority to decide for himself on the disclosure and use of his personal data. Limitations with regard to this right to "informational self-determination" shall only be admissible if required in the overriding public interest". (Judgement on population census of 15 Dec. 1983).
Hence, the concern of data security is not in the first place to protect data but rather to protect personal rights. Processing personal data is only admissible if founded on a legal basis as defined in the Federal German Data Protection Act (Bundesdatenschutzgesetz; "BDSG") and the federal states' data protection acts. The basic principles in terms of "necessity" (including data economy and data reduction) and "limited use" must be observed.
A comprehensive introduction to the subject of data protection is provided in the article "Informational Self-Determination and Data Protection. The Right to Privacy." („Informationelle Selbstbestimmung und Datenschutz. Das Recht auf Privatsphäre.“) by the former data security official of the federal state of Berlin, Prof. Dr. Hansjürgen Garstka.
Extracts from the contents:
- History of Data Security
- Scope of Application of Data Protection Acts
- Admissibility of Data Processing
- Controlling Bodies
- Telecommunications Act