To meet the deadline for transposing the European Parliament and Council Directive 95/46/EC on the protection of personal data into national law (24 October 1998) the revision of the Hessian Data Protection Act must proceed rapidly. Preliminary work has been done (3.).

A survey of 300 public agencies in Hesse revealed severe deficiencies in the implementation of provisions of the Hessian Data Protection Act mandating the appointment of data protection officers. To guarantee the effectivness of the data protection officers the respective provisions of the Hessian Data Protection Act should be made more pricise. Additionally, to fulfill their obligation to safeguard privacy, data processing agencies must strengthen the position of data protection officers (4.1)

In 1997 the federal and the state law makers created a new legal framework for the new information and communication services. It takes into account the special threats those services pose for the individual's right to informational self determination (5.).

If video recordings are used in criminal proceedings it must be guaranteed that the rights of the data subject are protected. The Witness Protection Act the Bundestag passed in 1997 does not contain sufficient regulations for the use of video recordings (6.2.1).

At the beginning of 1997 the Hessian state government has passed a concept for the creation of a Hessian Corporate Telecommunications Network (HCN 2000). The stateowned Hessian Center for Data Processing (Hessische Zentrale für Datenverarbeitung) was charged with the realization and the operation of the new state wide communications network. Particular attention will be devoted to data security and data protection (9.1)

Outsourcing of public functions to private corporations must be done in such a way that citizens can still determine who is responsible for the processing of their personal data (10.1).

Citizen offices must have an organisational form that guarantees the individuals right to informational self determination. In particular the data subjects must especially be informed about the diverse procedures and the special risks involved. Confidential talks must be also guaranteed (10.2).

Individuals who attend public establishments such as indoor swimming pools should not be required to accept monitoring of their private conversations. Video recordings must be strictly limited to that which is necessary for security reasons in individual cases (10.5).

It is unlawful to present a report to the district council which employees of the district authority voluntarily have waived their vacation privileges (11.3).

An analysis of the records of the State Office for the Protection of the Constitution has revealed that compliance with the limits on storing personal data leaves much to be desired (14.1).