“Saving jobseekers from themselves,” is the purpose of the German draft law which will regulate the use of information concerning job applicants collected on the internet by employers. Currently we work with very general criteria of transparency and accuracy, with the obligation to inform and with the evaluation of the principle of incompatibility and purpose, but these criteria are no longer sufficient. The European Commission’s Communication announced their commitment to insert privacy by design in the principles of the new discipline. This principle should help us to face problems from the beginning of every project in order to avoid the difficulty of developing data protection systems subsequently, when all the choices have already been made.
The main point is to do things in a more responsible way; data controllers should not consider these principles as something to comply with only when there is a problem, a complaint or an appeal. They should consider their duties as something to be put into practice on a day-to-day basis. They should take on the responsibility of transforming into internal procedure everything which is necessary to adhere to the principles of law. So, we will no longer have a situation in which data controllers choose not to fulfill their privacy obligations and run the risk of incurring fines, thinking that an inspection may never arrive. Instead we will have a new scenario in which the data custodian controller is conscious that protection of privacy is a daily obligation.