When enforcing the General Data Protection Regulation (GDPR), the Federal Data Protection Commissioner Ulrich Kelber is currently quickly reaching the limits of the Messenger service Telegram. The authority admits this in a procedure. The subject is a complaint by a Freiheitsfoo activist that Telegram is not correctly processing a request for information about stored user data.
The Dubai-based company is not easy to reach for authorities: Telegram does not meet the obligation under Article 27 GDPR to appoint a representative as a contact person for official inquiries.
“As a result, the processing of complaints in these cases is often lengthy and difficult,” explained an employee of the department for telemedia of the supervisory authority“However, I will work towards clarifying the factual and legal situation in your matter in its entirety and will then get back to you without being asked. Until then, I ask you to be patient.”
So far, Telegram only refers to an address in Great Britain. If a company does not have a branch in the EU, it must specify a contact person for the authorities.
Telegram’s chatbot is a barrier
The complaint is based on the fact that users are confronted with a chat bot when trying to start an information procedure with the operator of the chat service. According to the author of the submission, dealing with this “then leads to weeks of back and forth, which gives the impression that one is trying to annoy those seeking information as much as possible”. Ultimately, the procedure boils down to the advice of installing the limited computer program for Telegram’s web service on a PC and using it to access your data. Chat group activities and histories that the operator saves on servers in an unknown location are left out.
The German judiciary has long been arguing with Telegram about compliance with the Network Enforcement Act (NetzDG). In the meantime, the Federal Office of Justice (BfJ) has issued two fines totaling 5.125 million euros against Telegram. The Russian-owned Dubai company has appealed. Should the penalty remain, it is unclear how it could be enforced against the largely uncooperative provider Telegram. German prosecutors also complain about a lack of cooperation with Telegram, even in investigations into serious crimes.
Kelber’s team at the Federal Ministry of Defense (BMVg) and the General Customs Directorate was more successful: both requested information about an applicant’s data that might have been stored from this first a “self-assessment”: They wanted to find out where or in what context he suspected that the authorities were storing personal information about him. The BMVg even urged citizens to transmit sensitive personal data in unencrypted e-mails. When the Federal Data Protection Authority informed both offices of their different legal opinion, they gave in and assured that they fundamentally wanted to refrain from asking for more precise information requests.
(ds)
