ABSTRACT
Creating a uniform level of data protection within the Member States of the EU did not come easy. It took the EU institutions and national Governments more than five years of negotiations and discussions to mould the original Commission proposal of 18 July 1990 into the final version of the Data Protection Directive of 24 October 1995. With regard to data protection, the Federal Constitution does not consider it to be a monolithic field of law. The history of the German development of a comprehensive cancer register may illustrate the underlying constitutional framework in Germany. National identification numbers are not used in the Federal Republic of Germany. Medical research is not expressly referred to in the provision. State data protection Acts have also introduced procedures for prior checking whenever automated procedures are used. The Supervisory Authorities may sanction violations by issuing penalty orders in cases of minor (i.e. non-criminal) breaches of the federal or state Data Protection Acts.
