In the early 1960s, consideration for comprehensive data protection began in the United States and further developed with advancements in computer technology and its privacy risks.
So a regulatory framework was needed to counteract the impairment of privacy in the processing of personal data.
[1] In the following years, as the BDSG was taking shape in practice, a technical development took place in data processing as the computer became increasingly important both at work and in the private sector.
[4] In 1990, the legislature adopted a new data protection law based on the decision of the German Constitutional Court.
On June 11, 2010 changed the "Novelle III" [4] as a small sub-item within the law implementing the EU Consumer Credit Directive, the § 29 BDSG by two paragraphs.
In 2009, there were three amendments to the BDSG as a result of criticism from consumer advocates and numerous privacy scandals in business.
Principle of proportionality: The creation of standards restrict the fundamental rights of the affected person.
Transfers to third countries must comply with the requirements of the Federal Privacy Act (§ 4b II sentence 1 BDSG).
The adequacy of protection shall be assessed by taking all the circumstances into account that are of importance for data transmission (§ 4b III BDSG).
These include the type of data, the purpose, duration of processing, professional rules and security measures.
According to the decision, the U.S. Department of Commerce assured a reasonable level of data protection through the negotiated Safe Harbor Agreement.
Through the Safe Harbor Agreement (invalidated 6 October 2015 by Maximillian Schrems v. Data Protection Commissioner, and its successor, Privacy Shield, invalidated on 16 July 2020), the recipient in the United States commits itself to comply with certain data protection principles by means of statements that to the relevant U.S. authorities.
The contractual clauses or "binding corporate rules" must offer adequate guarantees regarding the protection of personal rights and must be approved in advance by the Competent Authority (§ 4c BDSG II set 1).
The codes of conduct must also give victims legal rights and certain guarantees, as is the case in contracts.