Court case 5 L1281/22.F – Court Ruling (Germany, 2022)

The data subject distributed weapons of war and security products to the German authorities. Due to their "physical and chemical properties," the data subject's products were particularly suitable for illegal activities, and he feared becoming a target of kidnapping or robbery to obtain those products if his personal data were exposed. The German Federal Office for Economic Affairs and Export Control (hereinafter “Office”) was the supervisory authority of the controller within the meaning of the German War Weapons Control Act and the corresponding regulation on the implementation of this act. The Office maintained the electronic war weapons register and had switched to electronic legal transactions via its own communication platform. Emails sent out by this communication platform were sent with transport encryption, not end-to-end encryption. The data subject and the controller disagreed about the obligation to use end-to-end encryption in these electronic legal transactions. The data subject argued that the electronic legal transactions need to be safeguarded by end-to-end encryption. The controller and the Office argued that a transport encryption was sufficient and does not see the necessity to implement additional end-to-end encryption. The data subject requested a temporary injunction on the transmission of his personal data without end-to-end encryption by the controller pending a decision on the issue by the Administrative Court of Frankfurt. The Court held that transport encryption was sufficient for sending email via the controller's communication platform. According to Article 5(1)(f) GDPR, personal data must be processed according to the principles of integrity and confidentiality. The Court acknowledged that these principles are general and need to be specified, but it insisted that they impose concrete obligations, not merely goals for which to strive. The measures that must be taken are those that ensure a level of protection appropriate to the r