“Why didn’t I become a classic lawyer? They like to argue too much and have to represent their clients’ points of view in court that they wouldn’t represent themselves,” explains Steffen Weiß. It’s different for him. Although he is also a lawyer, as Legal Counsel Data Protection at the Gesellschaft für Datenschutz und Datensicherheit (GDD) (German Association for Data Protection and Data Security), he represents a goal that he stands behind: “We advocate for sensible, defensible and technically feasible data protection.”
Sensible, in Weiß’s view, means: not too granular and feasible in practice for the more than 3,800 GDD members. “You should be able to break everything down to the basic principles without getting lost in small details,” the 40-year-old thinks. If the data protection association’s members, mainly companies and data protection officers, have questions about implementing current rules, they can turn to him. “That advice is my job. But I also do politics.”
Goal: pragmatic data protection for Europe
In Brussels, Weiß and his GDD colleagues are lobbying to prevent the rules from becoming too complicated in the first place. “In consultations with politicians and supervisory authorities, we have to tell them that what you have in mind doesn’t work in practice.” However, Weiß admits that he also finds the complexity of data protection exciting. “Even if you’ve been dealing with it for more than 13 years, as I have, you still come to areas where you think: Oh, it’s not that simple.”
When it comes to the General Data Protection Regulation, Weiß only talks about “the General Regulation”; the other half of the word is part of his everyday life. His fascination with the topic began during his studies. Weiß was born in the Black Forest town of Lahr. After his second state examination in law, he added a master’s degree in information technology law and intellectual property law, part of which he completed in Buenos Aires. One of the things he took away from his studies was a knowledge of Spanish, which he can still use today.
This is also the case at present, as Weiß, as a member of the GDD’s Executive Board for International Affairs, is currently concerned with international understanding in European data protection. In 2022, the GDD will hold the presidency of the European data protection organization CEDPO, in which ten national European data protection organizations are organized. Until now, CEDPO has been more of a loose association, which is now to be transformed into an association under Belgian law. And then? “We no longer want to just react, but to approach the EU institutions even more actively.” Paul Meerkamp