(7) With regard to processing for purposes in accordance with Article 1 (1) of Directive (EU) 2016/680 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA (OJ L 119 of 4 May 2016,

(1) Public bodies of the Federation are the authorities, judicial bodies and other public law institutions of the Federation, of direct federal corporations, statutory bodies and foundations established under public law and of their associations irrespective of their legal form.

(2) Public bodies of the Länder are the authorities, judicial bodies and other public law institutions of a Land, a municipality, an association of municipalities or of other legal

(4) Even after his or her official relationship has ended, the Federal Commissioner shall be obligated to secrecy concerning matters of which he or she is aware by reason of his or her official duties. This obligation shall not apply to official communications or to matters which are common knowledge or which by their nature do not require confidentiality. The Federal Commissioner shall decide at his or her due discretion whether and to what extent he or she will testify in or outside court or make statements concerning such matters; if he or she is no longer in office, the permission of the Federal Commissioner in office shall be required. This shall not affect the legal obligation to report crimes and to uphold the free and democratic order wherever it is threatened. Sections 93, 97, 105 (1), Section 111 (5) in conjunction with Section 105 (1) and Section 116 (1) of the German Fiscal Code shall not apply to the Federal Commissioner or his or her staff. The fifth sentence shall not apply where the financial authorities require such knowledge in order to conduct legal proceedings due to a tax offence and related tax proceedings, in the prosecution of which there is compelling public interest, or where the person required to provide information or persons acting on his or her behalf have intentionally provided false information. If the Federal Commissioner determines that data protection provisions have been violated, he or she shall be authorized to report the violation and inform the data subject accordingly.

5. upon request, to provide information to any data subject concerning the exercise of their rights under this Act and other data protection legislation, including legislation adopted to implement Directive (EU) 2016/680, and if appropriate, to cooperate with the supervisory authorities in other Member States to that end;

7. to cooperate with, including by sharing information, and provide mutual assistance to other supervisory authorities, to ensure the consistency of application and enforcement of this Act and other data protection legislation, including legislation adopted to implement Directive (EU) 2016/680;

(5) The Federal Commissioner shall work to cooperate with the public bodies responsible for monitoring compliance with data protection provisions in the Länder and with the supervisory authorities under Section 40. Section 40 (3), first sentence, second half sentence, shall apply accordingly.

(2) At the deputy’s request, the joint representative shall delegate to him or her the leadership of negotiations and the voting right in the European Data Protection Board in matters dealing with the performance of a task for which the Länder alone have the right to legislate, or which affect the establishment or procedures of Land authorities.

(1) The Federal Commissioner and the supervisory authorities of the Länder (supervisory authorities of the Federation and the Länder) shall work together in European Union matters with the aim of consistently applying Regulation (EU) 2016/679 and Directive (EU) 2016/680. Before submitting a common position to the supervisory authorities of the other Member States, the European Commission or the European Data Protection Board, the supervisory authorities of the Federation and the Länder shall give each other the opportunity to comment at an early stage. For this purpose, they shall share all relevant information. The supervisory authorities of the Federation and the Länder shall consult the specific supervisory authorities established under Articles 85 and 91 of Regulation (EU) 2016/679 if these authorities are affected by the matter.

(2) If the supervisory authorities of the Federation and the Länder fail to achieve agreement on a common position, the lead supervisory authority, or, in the absence of a lead authority, the joint representative and his or her deputy, shall present a recommendation for a common position. If the joint representative and his or her deputy fail to agree on a recommendation for a common position, the deputy shall determine the recommendation for a common position in matters dealing with the performance of a task for which the Länder alone have the right to legislate, or which affect the establishment or procedures of Land authorities. For matters other than those referred to in the second sentence in which the joint representative and deputy fail to agree, the joint representative shall determine the common position. The negotiations shall be based on the position recommended pursuant to the first to third sentences unless the supervisory authorities of the Federation and the Länder adopt a different position with a simple majority. The Federation and each Land each have one vote. Abstentions shall not be counted.

(3) The supervisory authorities shall not have the investigative powers according to Article 58 (1) (e) and (f) of Regulation (EU) 2016/679 with regard to the persons listed in Section 203 (1), (2a) and (3) of the Criminal Code or their processors as far as exercising these powers would violate these persons’ obligations to secrecy. If in the context of an investigation a supervisory authority becomes aware of data subject to an obligation of secrecy as referred to in the first sentence, the obligation of secrecy shall also apply to the supervisory authority.

(3) If the provision of information relates to the transfer by public bodies of personal data to the authorities for the protection of the Constitution, the Federal Intelligence Service, the Military Counterintelligence Service and, as far as the security of the Federation is affected, other authorities of the Federal Ministry of Defence, such provision shall be permitted only with the approval of these bodies.

(1) The authorities pursuant to Land law shall monitor the application by private bodies of data protection legislation within the scope of Regulation (EU) 2016/679.

(2) If the controller or processor has more than one establishment in Germany, Article 4 no. 16 of Regulation (EU) 2016/679 shall apply accordingly in determining which supervisory authority is competent. If more than one authority considers itself competent or not competent, or when the competence is unclear for other reasons, the supervisory authorities shall make a joint decision in accordance with Section 18 (2). Section 3 (3) and

(3) The supervisory authority may process the data it has stored only for purposes of supervision; to this end, it may transfer data to other supervisory authorities. Processing for another purpose shall be permitted in addition to Article 6 (4) of Regulation (EU) 2016/679 if

(6) The supervisory authorities shall advise and support the data protection officers to meet their typical needs. They may demand the dismissal of a data protection officer if he or she does not have the expert knowledge needed to perform his or her tasks or if there is a serious conflict of interests as referred to in Article 38 (6) of Regulation (EU) 2016/679.

(3) Authorities and other public bodies as referred to in Section 2 (1) shall not be subject to any administrative fines.

(2) Subsection 1 shall not apply to proceedings against public authorities acting in the exercise of their sovereign powers.

9. ‘recipient’ means a natural or legal person, public authority, agency or other body to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or other law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

(3) If the notification relates to the transfer of personal data to the authorities for the protection of the Constitution, the Federal Intelligence Service, the Military Counterintelligence Service and, as far as the security of the Federation is affected, other authorities of the Federal Ministry of Defence, such notification shall be permitted only with the approval of these bodies.

(5) If the information to be provided relates to the transfer of personal data to the authorities for the protection of the Constitution, the Federal Intelligence Service, the Military Counterintelligence Service and, as far as the security of the Federation is affected, other authorities of the Federal Ministry of Defence, such provision shall be permitted only with the approval of these bodies.

(1) The Federal Commissioner shall provide the supervisory authorities in other European Union Member States with information and mutual assistance as far as necessary to implement and apply Directive (EU) 2016/680 in a consistent manner. Mutual assistance shall cover, in particular, information requests and supervisory measures, such as requests to carry out consultations, inspections and investigations.