European Privacy Law Blamed for Cancelation of Christmas Tradition in German Town

November 21, 2018 Updated: November 21, 2018

BRUSSELS—European officials have been forced to defend their new privacy laws, which are being earmarked for export to the United States, after they were blamed for a German town canceling its popular children’s Christmas tradition. The local authority in Roth, near Nuremberg, temporarily called off an annual event in which youngsters hang hand-written notes with their wish lists to Santa on the town center’s Christmas tree.

It said the ceremony had to be canceled because it ran afoul of the European Union’s new data protection law, the General Data Protection Regulation (GDPR), which came into force in May.

However, after local radio station Antenne Bayern stepped in at the last minute and drafted a new parental consent form, local officials said the celebration will now go ahead as planned.

The event had already been put on hold last year due to concerns over how the rules would be applied, and officials had announced it was “discontinued until further notice.”

In previous years, around 4,000 children have taken part, with notes they left being used to organize meetings with the mayor and visits to the fire station for local children.

However, lawyers at the city hall had warned that the new GDPR rules meant they would have to update the written permission they collect from the parents of every child for their wish lists to be displayed in public.

A townhouse from the mid 17th century in Roth, Germany in this file photo.
A townhouse from the mid 17th century in Roth, Germany, in this file photo. (Michael von Aichberger/Shutterstock)

The town could have faced heavy fines if it couldn’t prove that it wasn’t storing and protecting the data it had received in line with tough new EU standards.

“There won’t be any sparkling children’s eyes in front of the Christmas tree,” Melanie Hanker, the events manager at the local authority, had told German newspaper Die Welt.

Daniel Dalton, the digital market spokesman for the UK Conservative group in the European Parliament, said local officials had acted like “Scrooges” by canceling the event.

“Keeping people’s data safe is important. But saying ‘bah, humbug’ to kids who just want to write to Father Christmas shows some people simply don’t have a clue,” said Dalton.

However, the European Commission defended the GDPR and insisted that German officials’ interpretation of the requirements GDPR imposes was in “no way” accurate.

“Santa Claus should have the contact details of a family in order to deliver the presents indicated on the wish list he received—provided the parents agree, in case of minors,” a European Commission spokesperson told The Epoch Times.

“These have been the rules for the past 20 years and the General Data Protection Regulation has not changed this situation.”

In a statement, Romina Satiro, from Roth city council, said the event had been saved at the last minute after the local radio station came to the rescue by consulting lawyers on a new parental consent form.

“According to GDPR that has been in effect since May 2018, the original wish list form of the city Roth did not include the information that the data of the kids are going to be handed out to third persons,” Satiro said.

“On the new form, additional information is included, which describes that all the data are going to be handed out to third persons like sponsors. Combined with the signature of the parents the form is legally allowed.”

The GDPR, which sets strict new conditions on what data authorities and companies can collect and how it must be stored and protected, is being considered as a possible template for export to the United States.

Technology companies, including computer giant Apple and social media site Facebook, have urged U.S. President Donald Trump to adopt European-style laws, having already adapted their processes.

Apple’s chief executive Tim Cook and Facebook’s head of privacy Erin Egan made the call during a joint visit to the Belgian capital last month.

However, GDPR has been controversial in Europe where critics have accused the new law of being too heavy-handed and placing an unreasonable burden on small and medium-sized organizations.

Even some large companies have decided the regulation is too difficult to comply with, with a number of U.S. media outlets including the Los Angeles Times and the Chicago Tribune blocking their websites to European users.