Out­sour­cing by pro­fes­sio­nal sec­re­cy bodies: Germany

It has not been cla­ri­fi­ed in all respects under which cir­cum­stances a Out­sour­cing by per­sons who are sub­ject to a Pro­fes­sio­nal sec­re­cy (such as doc­tors and lawy­ers). In Switz­er­land, Prof. Woh­lers has sti­mu­la­ted this dis­cus­sion by a Expert opi­ni­on, an essay in dig­ma (Out­sour­cing durch Berufs­ge­heim­nis­trä­ger, dig­ma 2016, 114 et seq. [Swiss­lex]) and initia­ted by a pre­sen­ta­ti­on of (on May 27, 2016). The opi­ni­on expres­sed by Prof. Woh­lers had spo­ra­dic prac­ti­cal effects (cf. e.g. here), but other­wi­se trig­ge­red a sur­pri­sin­gly quiet echo.

In Ger­ma­ny, an ana­log­ous dis­cus­sion has been going on for some time and has led to a draft law the­re that is inten­ded to legal­ly regu­la­te the out­sour­cing by pro­fes­sio­nal sec­re­cy pro­vi­ders, which is also unavo­ida­ble in Ger­ma­ny from a prac­ti­cal point of view (BR-Drs. 163/17, “Draft of a Law on the Reor­ga­nizati­on of the Pro­tec­tion of Secrets in the Par­ti­ci­pa­ti­on of Third Par­ties in the Exer­cise of the Pro­fes­si­on of Per­sons Obli­ged to Main­tain Sec­re­cy”). Howe­ver, the situa­ti­on is dif­fe­rent in Switz­er­land in that § 203 of the Ger­man StGB The Swiss Code of Cri­mi­nal Pro­ce­du­re does not obli­ge auxi­lia­ry per­sons to obser­ve pro­fes­sio­nal sec­re­cy, unli­ke, for exam­p­le, Art. 321 of the Swiss Cri­mi­nal Code. A legal regu­la­ti­on is the­r­e­fo­re more likely in Ger­ma­ny than in Switzerland.

On Janu­ary 24, 2017, the Con­fe­rence of the Inde­pen­dent Data Pro­tec­tion Aut­ho­ri­ties of the Fede­ral Govern­ment and the Län­der agreed to voi­ced and made the fol­lo­wing demand, which is also cor­rect for Switzerland:

The Con­fe­rence of the Inde­pen­dent Data Pro­tec­tion Aut­ho­ri­ties of the Fede­ra­ti­on and the Län­der urges […] that the draft law be impro­ved and the plan­ned syn­chro­ni­ze cri­mi­nal and pro­fes­sio­nal regu­la­ti­ons with data pro­tec­tion regu­la­ti­ons. It must be pos­si­ble for hol­ders of pro­fes­sio­nal sec­re­cy to con­sult exter­nal ser­vice pro­vi­ders. In the inte­rest of the pro­fes­sio­nal sec­re­cy holder’s undistur­bed exer­cise of his pro­fes­si­on and the right to infor­ma­tio­nal self-deter­mi­na­ti­on of the per­sons con­cer­ned, the obli­ga­ti­ons that affect the pro­fes­sio­nal sec­re­cy hol­der from dif­fe­rent are­as of law should, howe­ver, be struc­tu­red in par­al­lel as far as possible.

In Switz­er­land, too, what fol­lows a dic­ta­te of prac­ti­cal neces­si­ty and is per­mis­si­ble under data pro­tec­tion law should not be pro­hi­bi­ted under cri­mi­nal law. The afo­re­men­tio­ned “syn­chro­nizati­on” of data pro­tec­tion with other regu­la­ti­ons is, moreo­ver, a gene­ral con­cern, inclu­ding, for exam­p­le, the Revi­si­on of the FINMA Cir­cular Out­sour­cing.