Germany’s Gesellschaft für Informatik (GI) has criticised the lack of data protection and IT security measures in the Government’s new Data Transparency Ordinance (DaTraV) and called for urgent improvements.

German’s Ministry of Health (BMG) plans to regulate details of the Digital Supply Act (DVG) passed in 2019, including the transfer of data for research purposes. However, the GI’s Presidential Working Group on Data Protection and IT Security has slammed the planned central data collection of all persons with statutory health insurance without the possibility of objection, saying data protection and IT security have not been given sufficient consideration.

Professor Hartmut Pohl, spokesman of the GI working group said: “The present draft of the speaker does not formulate any security specifications or duties of care of the health insurance companies and the top association with which data protection and security of data could be guaranteed. From the official comment period of only nine days, I can only conclude that the BMG is not seriously interested in a dialogue with the specialist public.”

The experts of the presidium working group claim that despite the use of pseudonyms, a clear identification of the insured persons is possible. Although the transfer of data for research purposes is in principle to be welcomed, clear restrictions on the use of such data are needed. 

“Access to the data stocks of the insured persons without any restriction or control represents an enormous threat to all personal and individual health data,” said Dr Pohl. “We therefore call for improvements and more extensive involvement of the Federal Office for Information Security (BSI), the Federal Commissioner for Data Protection and Freedom of Information in (BfDI) and the specialist public.”

Image: Hartmut Pohl