The Federal Office of Economics and Export Control – Court Ruling (Germany, 2022)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
The Frankfurt court ruled that the Federal Office of Economics and Export Control could continue using its online portal for firearm notifications without needing to encrypt emails end-to-end. This decision matters because it clarifies that transport encryption is enough for certain official communications, which could affect how other government agencies handle sensitive data.
What happened
The court decided that the Federal Office of Economics and Export Control did not need to use end-to-end encryption for its email communications about firearm dealings.
Who was affected
The decision affected individuals dealing in firearms who communicated with the Federal Office of Economics and Export Control.
What the authority found
The court ruled that transport encryption was sufficient for the Office's email communications, meeting GDPR's requirements for data integrity and confidentiality.
Why this matters
This ruling clarifies that government agencies may not need to use end-to-end encryption for certain communications, which could influence how they secure sensitive data. It highlights the importance of understanding what level of encryption is necessary under GDPR.
GDPR Articles Cited
The data subject is engaged in the dealing of firearms which are subject to a prohibition with a reservation of permission. Moreover, as became known in a separate court decision, the data subject is afraid of becoming a victim of kidnapping or robbery. The Federal Office of Economics and Export Control, the data controller, is the supervisory authority of the data subject in regards to the German laws on war weapons and has largely switched to electronic legal transactions via its communication portal: the electronic war weapons register. The data subject contacted the controller and complained that future information on the electronic war weapons register should only be transmitted by e-mail which is encrypted by a special software and objected to the current form of transmission as a precautionary measure under Article 21 GDPR and requested a restriction of processing under Article 18 GDPR. Additionally, the data subject complained about the controller's email communication, pointed out that the messages contained personal data within the meaning of Article 4(1) GDPR, and requested appropriate technical and organisational measures in accordance with the state of the art, such as end-to-end encryption, as well as the restriction of the processing pursuant to Article 18(1)(d) GDPR. The controller promised to carry out an examination but continued to use email to communicate with the data subject. The data subject took this as an occasion to apply for an exemption from the legally obligatory electronic notification of his weapon dealings. Eventually, his application was rejected and he was asked to continue using the controller's online portal for future notifications. As a response, the data subject brought an action for injunction before the Administrative Court of Frankfurt am Main concerning the controller's data transfers. The controller asked the court to reject the data subject's notion, reasoning that the data processing was justified by Article 6(1)(e) GD
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for The Federal Office of Economics and Export Control in DE
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. The Federal Office of Economics and Export Control - Germany (2022). Retrieved from cookiefines.eu
Last updated: