Image: Markus Wissmann / shutterstock.com
When birthday greetings cause trouble
What used to be considered a nice gesture is now causing official correspondence: Tübingen's mayor Boris Palmer is at loggerheads with Baden-Württemberg's state data protection commissioner—because of a harmless congratulatory message in the official gazette. Specifically, it concerns a public congratulation on the 75th birthday of a citizen. However, the citizen did not find this festive at all and complained—on the grounds of data protection.
The supervisory authority is now investigating whether the city of Tübingen violated applicable data protection law by publishing the information. Sounds like a minor issue? Not for data protection advocates—and certainly not for Palmer, who made his feelings clear on Facebook: "This is bureaucracy in its final stage."
Data protection or data terror?
What actually happened here? The city of Tübingen publicly congratulated a citizen on his milestone birthday, as it had done for decades. In the past, this was allowed without any problems as long as no one objected. However, since the amendment to the Federal Registration Act in 2015 and the introduction of the GDPR, the days of "just doing it" are over: local authorities are now only allowed to publish such data with express consent.
In concrete terms, this means that written consent must be obtained before any congratulations are published—even if it is only three harmless lines in the official gazette.
Palmer considers this to be "unrealistic." He sees his administration being blocked by excessive procedures, while at the same time real challenges—such as dilapidated schools and crumbling infrastructure—are being neglected.
Is the well-wisher a data protection risk?
The other side sees things differently: the data protection authority refers to several complaints and warns against publishing personal data without consent—especially on the internet. Official gazettes often contain age, name, and place of residence, which are sensitive pieces of information—and could potentially be useful to criminals such as grandparent scammers.
Data protection expert Karakurt makes it clear: "A reference to a practice that has been in place for decades alone does not justify an infringement of people's fundamental rights." For him, it is clear: anyone who is named publicly must give their consent beforehand – period.
For Palmer, however, this development is an attack on the community itself. Public congratulations are an expression of closeness and recognition—something that promotes social cohesion. "This is how you destroy community—and then call it legal compliance," he complains.
And now?
Viewed objectively, the legal situation is clear: no publication without consent. That is what the law says—and there is no way around it. But that is precisely what angers Palmer: that the law and reality are so far apart. Because obtaining, storing, and documenting every single consent takes up resources without anyone actually benefiting from it. On the contrary, it creates the impression that data protection no longer protects people, but rather fights common sense.
Comment: When data protection breaks down community
It seems as if a legal principle is being taken to absurd extremes here. Protecting personal data is important—there's no question about that. But when a birthday greeting becomes a bureaucratic hurdle with the threat of punishment, then something has gone too far.
Instead of citizen-friendliness, there are checklists; instead of enjoyment of community life, there are legal gray areas. The principle of "consent" is treated here as an act of statecraft—yet it is simply a matter of a kind gesture.
It is not too much to expect data protection authorities to distinguish between genuine danger and excessive regulation. Because yes, it is possible to respect fundamental rights without throwing common sense out the window.
