The independent data protection supervisory authorities of the federal states adopted a far-reaching position paper at their 111th conference in Stuttgart on Thursday. Under the title “Stuttgart Impulses for the Modernization of Data Protection”, the guardians of the fundamental right to privacy outline paths to comprehensive structural reform.
Read more after the ad
The surprising move comes against the background of ongoing criticism from companies and parts of politics about fragmented supervision and unclear responsibilities. To counteract this, the state representatives are supporting a Federal Council initiative from Hamburg that seeks a fundamental amendment to the Federal Data Protection Act.
The biggest stumbling block in local data protection supervision is its federal structure. Companies and associations complain that identical facts are sometimes interpreted differently by different state authorities, which creates legal uncertainty and slows down investments.
The authorities are now countering this with concrete proposals. The focus is on anchoring the Data Protection Conference (DSK) in law in order to ensure its binding nature. Binding majority decisions in the non-public sector and a permanent, central office are intended to professionalize cooperation, prevent duplication of work and refute allegations of contradictory requirements. The inspectors also point out that they received over 60,000 complaints nationwide in 2025. They declare it a myth that data protection is interpreted particularly strictly in this country.
One-time test, binding nationwide
The Berlin data protection officer, Meike Kamp, complains that the authorities’ real practical experience has been neglected in the debates so far. Modern supervision requires standardized testing procedures and a targeted bundling of competencies on overarching topics.
A core aspect of modernization therefore concerns the relief of business and administration through digitalization. The state data protection officers advocate a central digital portal for all inquiries in the non-public sector. According to the “No wrong door” principle, citizens and companies should be able to submit inquiries via a single platform, regardless of responsibility. The internal forwarding is then carried out automatically as planned.
This digital surcharge is supported by the creation of a common, publicly accessible decision database. It is intended to ensure maximum transparency and make the uniform application of the General Data Protection Regulation (GDPR) more understandable.
Read more after the ad
The proposed “one-for-all” principle promises relief, particularly for companies operating across borders: as soon as a supervisory authority has examined a matter, the result should be binding nationwide. This prevents identical questions from being checked multiple times by different state offices.
Regional proximity meets bundled specialist expertise
At the same time, state data protection officers emphasize that federalism should not be abolished, but should be intelligently integrated. The local authorities have established networks with regional companies, especially medium-sized businesses, and are familiar with local peculiarities. This specific consulting competence should be retained, while special competences for complex, overarching topics would be bundled in a more targeted manner in the future. As part of a consultation phase, actors from business, science and administration are invited to comment on the proposals.
In supervisory practice, the initiative is seen as a historic opportunity. The DSK chairman Tobias Keber from Baden-Württemberg expressly supports the reform project in the Federal Council. Together with the Stuttgart impulses, there is a unique opportunity to effectively strengthen the protection of fundamental rights in the federal system and to simplify administrative procedures in practice. This helps to make data protection sustainable for the future.
The federal and state governments agreed on a federal modernization agenda in December. A redesign of data protection supervision for the non-public sector is therefore planned. The goals are a more uniform legal interpretation, more efficient processes and a possible bundling of responsibilities, for example via one-stop shop models or a coherence procedure.
(nen)
