Voluntary Cooperation of Corporate Entities with Regulatory and Law Enforcement Authorities in the Context of Global Investigations - The German Data Protection Perspective

In the international business context, it is not unusual for corporate entities based in Germany to face requests from either German or foreign regulatory and law enforcement authorities for voluntary cooperation in the context of global investigations. Given that almost every aspect of today’s life is captured electronically in one form or another, these requests for voluntary cooperation often relate to the transfer of electronic data. Typically, such (electronic) data relates in whole or in part to individuals (e.g. employees, suppliers and customers). From the authorities’ perspectives, voluntary cooperation by companies has many benefits, particularly speed and efficiency, as the strict and often bureaucratic procedural requirements of formal requests are circumvented, particularly in a cross-border context.

The informal nature of these requests, however, raises concerns as to whether the company should, and, more importantly, is actually legally permitted to meet such request for voluntary cooperation. In addition to commercial considerations, the company must also evaluate whether the data transfer is legally permissible, given the narrow constraints of the German Federal Data Protection Act (Bundesdatenschutzgesetz – “FDPA”) which implements the European Data Protection Directive and currently constitutes the central legal framework for the handling of personal data in Germany.

This memorandum outlines the scope of application of the FDPA, introduces the relevant statutory provisions, and discusses the relevant considerations in the context of an investigation, in particular where a German based entity faces requests for voluntary cooperation from authorities abroad.