Alumnus in portrait: Paul C. Johannes, LL.M.

Paul C. Johannes

Paul C. Johannes is EULISP graduate and a research associate at the Project Group for Constitutionally Compatible Technology Design (provet) at the Scientific Centre for Information Technology Design (ITeG) at the University of Kassel; he is also a lawyer ( and managing partner of Datenrecht Beratungsgesellschaft.

20.07.2022 – Interview

Paul, what was your motivation at the time for choosing the EULISP?

I wanted to continue my education in this field of law and technology, also because IT has always been one of my hobbies. I had also studied computer science at one time. I studied law and computer science together, but it didn’t work out. But I was very interested in continuing in this direction with my legal knowledge, and at some point, I moved to Hanover. I had also finished my studies in Hanover, had in the meantime gone into the legal traineeship and then came back to the EULISP because there was time and opportunity to do that.

When you think back, what content from the first semester do you remember most or what content stood out in a particularly positive way?

There were many things that I hadn’t had much contact with before. For example, copyright law and signature law. I had heard about these fields of law before, but not so intensively. I also remember the practical aspects that were taught by the respective legal lecturers. For example, there was contract drafting and intellectual property law. The courses were all very well taught, even better than I remembered from my traineeship, and that helped me a lot later on.

One of the unique selling points of the EULISP is its focus on European legislation, especially in the area of IT law. In your opinion, is it a good focus or would you have wished for more in the direction of German IT law back then?

No, not at all. Well, at that time it was already the right orientation. Even more so today, because the decisive guidelines in this area (IT law) come from Brussels, so it makes absolutely no sense to look only to Germany. Everyone who does IT law has to be a European lawyer and then that is exactly the right orientation.

Then I would like to ask you about your semester abroad, which you spent in London. Why did you decide to go to Queen Mary University?

I have to be honest. I didn’t choose Queen Mary University, I chose London. But Queen Mary University with its special subject area for this Master’s degree, which also involved IT law and public international law, was also a very good decision in retrospect. So, it wasn’t a low-quality programme, but a very selective, well-prepared programme with a lot of international students and lecturers. The classes for our Master’s degree were really in the middle of the city and the Master’s students were able to find their way to each other quite well. The teaching was also very good.

Do you remember any particular lectures from your time there?

Back then, I heard a lot of copyright law and a little bit of regulatory law, which always had a UK flavour with common law. That didn’t help me much in my professional life later on. But recognising these differences and learning how to approach the solution of a case was helpful. It does make a difference on which side of the case solution and case law you distinguish from each other and how you then draft and argue pleadings accordingly.

The next question concerns the search for tips for future EULISP students who are interested in the partner university. Do you have some insider tips for us? For example, about university or life in London that you can pass on?

No. I didn’t take care of everything until just before I went to London, or not at all. After arriving, I moved into a youth hostel (dormitory) and then looked for a flat in London. I had a fellow EULISP student who was in the student hall of residence. She had managed everything beforehand. At the beginning, of course, I had no contact with the other QMU students because I had looked for a shared flat, but I had contacts with all kinds of other people through the hostel and through the courses I attended in London. You might have to think about what you prefer beforehand. Of course, you can still get in touch with students through your studies. But if you want to experience life in London a bit, you should look for a private flat or a shared flat. That makes it even more exciting. I had never done that before, backpacking somewhere. It was fun and a little adventure that I wouldn’t want to miss.

Another thing I can say is that you don’t have to be afraid of the professors in England at all. They are rather happy when someone asks them something. In Germany, lecturers always give the impression that every question is annoying. The lecturers I met in England were always very happy and super-friendly, almost American in the way they approached you. Maybe superficial on a personal level, but always interested in the subject matter.

That’s also my experience. I was in Glasgow for the semester abroad and it was the same there. Good, then I would move on to the next set of questions, namely the legal clerkship and the career entry. You just mentioned that you were already a bit involved in IT because of your studies and during your legal clerkship you also worked at the Federal Network Agency. What did you basically do there? Is that an interesting station for all those who are now in the EULISP and want to do their legal clerkship afterwards?

It is interesting if you are interested in telecommunications law and the regulatory network world in the EULISP and then come to the corresponding decision-making chambers. Then it’s interesting and you can certainly make good contacts. Gas and energy are basically regulated in a similar way as telecommunications products. At the core, it’s always about prices, for example, when calculating usage fees. As a lawyer, you tend to clarify fundamental questions about the interpretation of the EnWG and help prepare decisions. That must be fun to you. In general, however, at the Federal Network Agency you also learn something about economic administrative law in general and infrastructure regulation laws such as the EnWG or the TKG. That’s why it’s a worthwhile station to see how a federal authority works at the interface with the economy.

You currently work both as a lawyer for IT law and data protection law and as a research associate at the University of Kassel. How did you come to work in the private sector and in academia at the same time?

After the EULISP, I first worked in a medium-sized law firm in Osnabrück, and I have to be honest, after a year we said, no, we’re not coming together. Then I looked for something else and just at that time the research associate position in Kassel became available. I had never worked as a student assistant at a department or anywhere else before, and I was simply curious. I was accepted, probably also because of the EULISP programme. That’s because it was also known there and they could see that I had specialised in this direction.

Personally, I really liked the work at the department and that’s why I stayed. In our project group we do a lot of project work and come into contact again and again with both the authorities and the companies we work with. We then advise them selectively with small expert reports or over a longer period of time in projects or research and publish together. If you do it right, you have a lot of freedom. That’s why I still like this work very much. I stayed as a lawyer because that was the profession where I got my start. That also works, because I can divide my time well. But of course, I have to say that I am a research associate as my main job. I am a lawyer on the side. However, it should also be noted that practical experience and a professional title can definitely be an advantage in legal research projects, especially when it comes to communicating with outsiders.

We have a few questions about your academic work, because we saw something about it on the website of the University of Kassel and found it very interesting: Normally, when we interview IT lawyers and data protection lawyers, it’s mostly about the GDPR and advising companies. But your focus is also on public law and data protection under public law. How did it come about that you entered this field?

Through the LiDaKra project, we worked intensively with police authorities and the union of criminal police officers (DKPol). This involved the analysis of open data sources by the police. This was exactly at the time when the GDPR was adopted and was to be implemented in two years, and everyone was talking about the GDPR and no one was talking about the JHA Directive [Directive (EU) 2016/680], which sets out guidelines for data protection law in the police and public prosecutor’s office. I then had a lot of fun dealing with its implementation in German law. At the same time, I was one of the few who had published something on this [“Das neue Datenschutzrecht bei Polizei und Justiz – Europäisches Datenschutzrecht und deutsche Datenschutzgesetze”, Baden-Baden, 2018 (together with R. Weinhold)]. This was immediately noticeable, because I suddenly received many requests, for example from some state parliaments for expert opinions. That was simply because at the time there were only five academics who felt they had dealt intensively with the topic of the JHA Directive, and I was one of them.

We read on the website of the University of Kassel that you are also the deputy director of the project group “Constitutionally Compatible Technology Design”. What is constitutionally compatible technology design?

That’s a good question, which we discussed all the time. The buzzword “constitutionally compatible technology design” was thought up by our boss, Professor Roßnagel, out of a project where the aim was to develop requirements and criteria for technology design that were as universally comprehensible as possible. In other words, not just on the basis of a simple law, which may contain something that could change again next week. The main point was to be able to methodically derive requirements for technology design based on the constitutional requirements. In other words, to design something generally valid that is not dependent on every change in the law. It is a worthwhile approach to look a little deeper and not only to consult the simple law, but also to try to find universally valid connecting factors.

As part of your academic work, you also dealt with data protection in law enforcement and published the book we talked about earlier, the new data protection law in police and justice. To date, however, the JHA Directive has not yet been fully implemented, and the reason for this lies, in particular, time and again in the debate about police powers of intervention and the basis of the Federal Police Act. But there are always problems with these powers of intervention in Hessen and Hamburg. Are such issues also part of your project work? How one could interpret norms such as § 25a HSOG [also somewhat derisively called “Palantir authorisation basis”] in a constitutional way?

Yes, that would be it, if we have a corresponding project at that point. Our projects are mostly interdisciplinary projects, meanwhile exclusively interdisciplinary projects together with actors from the economy or also other chairs, so something like business informatics or computer science and sometimes authorities. These are very large consortia with many actors and if, for example, a project is about developing concrete technology that plays into this area, then of course it can also be § 25a HSOG. There are good reasons for or against such a project. For example, we have not evaluated § 25a of the HSOG, but have generally supported the fact that something was done at all, because it was the first time that there was a point of contact and a comparison. In this respect, the overall monitoring account must also be taken into consideration.

That is a good keyword: “overall monitoring account”. Do you have the feeling that such powers of intervention by security authorities are becoming more and more extensive, that we must therefore accept ever greater encroachments on fundamental rights in order to still be able to achieve certain goals in the future, such as the prevention of the most serious crime?

That is certainly not a false assumption. That the police want to do more and more is certainly the case. In these areas, they are now being given more and more powers of intervention. This is also because it is not acceptable to always invoke the general clause. Moreover, the police only do what society already does anyway. Data comparison, etc., are phenomena that were previously developed by the public security authorities [keyword: dragnet searches], but are now mainly practised by private companies. So, there will be more and more powers of intervention for the police. But they will no longer be perceived as such strong interventions, because the police are only doing what the big companies have been doing for a long time anyway. This is a concurrent development where, if we already had the knowledge of the technical developments in five years, we would say “Oh God, that’s way too much”. But if we have personally experienced the development in these five years, then we would tend to assume that the whole thing is not so bad, that it is almost normal. That is perhaps an unsatisfactory answer. But that is my feeling when you ask me about the expansion of the powers of intervention. Subjectively, we will not perceive the development as so bad if it continues gradually and there are always corrections in between, whether by the ECJ or the Federal Constitutional Court, to individual laws that are not formulated specifically enough. It is quite normal for the judiciary, the executive and the legislature to argue about new security standards on the basis of fundamental rights.

Finally, we would like to know what significance the EULISP had for you in retrospect.

So practically a very big one. The LL.M. opened doors and was really an advantage in finding a career. I saw once again how teaching can be different. I always liked the practice and practice-oriented learning content much better than some of the other things I had experienced in my undergraduate studies. On a personal level, too, I had never worked so intensively with other students before in my studies. Perhaps that was also due to the fact that the LL.M. had small groups or a relatively small group overall. It was also nice that you had alternating teachers in one course and in different courses and in different areas of knowledge. Overall, the LL.M. was a very valuable addition to my law degree, regardless of the fact that I have now returned to university. So, I can only recommend the EULISP to everyone.