Dana works as a data protection officer and corporate counsel in the data protection area for Talanx Insurance Group and is alumna of the 12th EULISP-year.
03.05.2021 – Interview
Dana, not so long ago, EU and IT law were not necessarily thriving educational subjects at the majority of law schools in Germany. However, this has changed fundamentally, not least with the entry into force of the General Data Protection Regulation in May 2018 and the attention that data protection law has recently received. Why did you still apply for the EULISP back then and what is special about this program for you?
When I attended the EULISP course in 2006/2007, EU and IT law were still rather marginal topics, which even today play a role only at the end of university legal training. I had already studied and lived in Hanover and therefore knew some people who had attended the course and told me about the content, which aroused my interest. Another decisive factor for me was the structure of the study program with one trimester in Hannover, one abroad and one for the master’s thesis. The trimester abroad was particularly appealing to me, as I had already been abroad once during my studies.
The content aspects of the program stand out above all because the underlying issues are continuously changing. This applies not only to data protection law, but also to the other subjects that are tackled during EULISP. This results in a very unique dynamic in case law and legislation. In data protection law in particular, I notice very strongly the attempts that are made to remain technologically neutral so that the law is not seen as outdated too quickly. However, this is only partially successful, as could be seen in the very detailed legislative procedures at national level which I experienced when I started working. For example, a regulation on employee data protection was drafted that was based on the reality of life at that time, but contained too detailed regulations and was also not sufficiently technology-neutral.
You have already mentioned that the semester abroad was a decisive factor for you in choosing the program. Looking back, would you say that the placement of the EULISP program within the overall European integration process was a major unique selling point for EULISP? Especially during the time you were doing the program?
While the proportion of foreign students in Hanover was still much lower in my year, the opposite development has become apparent in the following years. But the people who studied with me in Hanover back then and stayed in Germany have certainly been able to use their experience from abroad in their jobs, especially when they encounter international issues.
Which EULISP seminars and personal experiences do you remember most from your first EULISP semester in Hanover?
I particularly liked the practical relevance of the seminars back then. In the lecture on telecommunications law, the complex technical background for understanding this field of law was well conveyed. In the seminar on contract drafting, we also simulated a practical contract negotiation in relation to software contracts. I found this very successful due to the practical reference and the experience of the lecturer.
You spent the second EULISP semester in Stockholm. Would you say that the Scandinavians have something ahead of us Germans in terms of IT expertise and new ideas? That innovative ideas are better accepted, for example?
I think we would be just as open if the technical possibilities were the same; however, that already starts with a good Internet connection. As far as data protection is concerned, the Swedes are used to disclosing much more data in their public registers, so of course the basic attitude is already quite different. For example, unlike what we are used to in Germany, everyone’s income is disclosed. That’s a clash of two cultures.
What are your three ultimate Sweden tips for future EULISP students?
Stockholm is a very beautiful city, made up of different islands and with a lot of water, where you can do a lot. On Södermalm, where I lived, you can spend a lot of time in the cafés by the water, for example. Djurgården is also very central and green, and there are several museums there. There is the Vasa Museum, but also the National Gallery or Astrid Lindgren’s World. If you travel to a Nordic country in winter, I recommend to actually come back again in summer. You can already tell that the mood of the people and the energy is quite different. The fact that there were almost white nights fascinated me very much.
After you completed your second state exam, you worked as an advisor for the German Insurance Association and today you still work for a large insurance group. Why did you decide to go into the insurance industry?
In my first job, it was more by chance: I was writing my master’s thesis on a data protection topic and the insurance association was looking for a data protection officer. I learned everything that was important for insurance companies after that. With the second job, it just presented itself. While my first job was about drafting statements on legislative procedures and exchanging views with member companies and data protection authorities – my current job allows me to apply my knowledge in practice, which means that I advise our group companies on all data protection issues, support the implementation of data protection solutions and fulfill my monitoring function as a company data protection officer. I think data protection is an important issue for the industry because a lot of data is processed by insurance companies to assess risks and settle claims. This naturally raises a lot of data protection issues. The fact that it is very sensitive and extensive data means that the focus is stronger than perhaps in an industrial company, which deals with supplier and employee data but otherwise has no sensitive data.
Nowadays, the subsequent evaluation of damage events often makes use of photos that are freely available on the Internet (e.g. via Facebook or Google Maps). Are data protection officers involved at this point?
Whether you get involved depends on what data protection management looks like in a company, so ultimately how visible you are. Against the backdrop of the high fine amounts stipulated by the GDPR, this has changed from an economic perspective. Due to the risks of fines and loss of reputation, more staff have been hired in data protection areas overall and these areas have become more visible overall. This makes it easier to exercise our advisory and monitoring function, for example by means of procedure directories or specific audits of data processing.
Looking back, what was the significance of EULISP for your legal career overall?
For me, EULISP was a real game changer. Even during my legal clerkship, I had a completely different direction, but I didn’t want to pursue it in the long run. After I got the place in the programme, data protection law was, in retrospect, a stroke of luck. It turned out to be a future field for lawyers. I have been working in the field for 10 years and continue to find it very interesting. Without EULISP, I wouldn’t have got into this area of law in the first place.