§ 4 Video surveillance of publicly accessible spaces

  1. Monitoring publicly accessible areas with optical-electronic devices (video surveil- lance) shall be permitted only as far as it is necessary
    1. for public bodies to perform their tasks,
    2. to exercise the right to determine who shall be allowed or denied access or
    3. to safeguard legitimate interests for specifically defined purposes

    and if there is nothing to indicate legitimate overriding interests of the data subjects. For video surveillance of

    1. large publicly accessible facilities, such as sport facilities, places of gathering and entertainment, shopping centres and car parks, or
    2. vehicles and large publicly accessible facilities of public rail, ship or bus transport,

    protecting the lives, health and freedom of persons present shall be regarded as a very important interest.

  2. Appropriate measures shall be taken to make the surveillance and the controller’s name and contact details identifiable as early as possible.
  3. Storing or using data collected pursuant to subsection 1 shall be permitted if necessary to achieve the intended purpose and if there is nothing to indicate legitimate overriding interests of the data subjects. Subsection 1, second sentence, shall apply accordingly. The data may be further processed for another purpose only if necessary to prevent threats to state and public security and to prosecute crimes.
  4. If data collected from video surveillance are attributed to a particular person, that person shall be informed of the processing in accordance with Articles 13 and 14 of Regulation (EU) 2016/679. Section 32 shall apply accordingly
  5. The data shall be deleted without delay, if they are no longer needed for the in- tended purpose or if the data subject’s legitimate interests stand in the way of any further storage.

Content of the FDPA (new)

Part 1 – Common provisions (§§ 1 - 21)

Part 2 – Implementing provisions for processing for purposes in accordance with Article 2 of Regulation (EU) 2016/679 (§§ 22-44)

Chapter 1 – Legal basis for processing personal data
Sub-chapter 1 – Processing of special categories of personal data and processing for other purposes

Sub-chapter 2 – Special processing situations

Chapter 2 – Rights of the data subject

Chapter 3 – Obligations of controllers and processors

Chapter 4 – Supervisory authorities for data processing by private bodies

Chapter 5 – Penalties

Chapter 6 – Legal remedies

Part 3 – Implementing provisions for processing for purposes in accordance with Article 1 (1) of Directive (EU) 2016/680 (§§ 45-84)

Chapter 1 – Scope, definitions and general principles for processing personal data

Chapter 2 – Legal basis for processing personal data

Chapter 3 – Rights of the data subject

Chapter 4 – Obligations of controllers and processors

Chapter 6 – Cooperation among supervisory authorities

Chapter 7 – Liability and penalties

Part 4 – Special provisions for processing in the context of activities outside the scope of Regulation (EU) 2016/679 und Directive (EU) 2016/680 (§ 85)