Thursday, November 18, 2004

Germany and privacy: change is under way

Germany -- or more precisely: the Federal Republic of Germany -- used to be a shining example of privacy and data protection. Undoubtedly spurred on by the experience of Nazi totalitarianism in the 1930s and 40s and the example of the Communist surveillance state GDR as next door neighbour, (then) West-German politicians were early adopters of comprehensive data protection legislation in the 1970s. In the early 1980s the Federal Constitutional Court further strengthened German citizens' protection by acknowledging a "right of informational self-determination". But now Germany's position as a country with one of the strictest privacy protections in the European Union is about to change -- and there is little public debate about it.

In two areas that are central to informational privacy, legal changes will soon alter the landscape substantially: the state will soon have comprehensive access to citizens' financial information, and it will be able to monitor email communications. To add insult to injury, none of this will be paid for by the state -- the citizens themselves will have to foot the bill for being snooped upon.

According to the "Telekommunikations-Überwachungsverordnung" (see here for some [German language] information) all ISPs have to install "spy boxes" that filter all email traffic for addresses of suspects and then copy the respective data packets straight to the authorities. While that regulation entered into force already in May 2003, implementation had been delayed until now. But from January 2005 the German state will be able to monitor all email traffic. What little public debate there is on this does not centre on what this means for privacy or civil rights; the only voices present are those of the ISPs complaining about the cost burden this places on them (more information here).

Three months later, in an effort to root out tax evasion, German inland revenue, social services and the labour office will gain access to citizens' financial accounts -- with the help of BaFin, the German financial services regulator. Information about financial accounts can be had without cause or concrete suspicion -- which German weekly Der Spiegel likened to issuing spare keys to citizens' houses on the reasoning that they might hoard stolen goods there. And again the costs of all this have to be borne by the banks -- who will likely pass it on to their customers. Do citizens have to be informed of the act, at least afterwards? No. And no judge will be involved either.

A small German cooperative bank (Volksbank Raesfeld, more information here) has now brought the issue before the Federal Constitutional Court. Interestingly the various German banking associations have remained silent on this (where are you, Josef Ackermann, when you are needed? one is tempted to ask...). When the judges will decide (probably some time in late 2005) we will see more clearly whether they uphold their views on the "right to informational self-determination" or not -- and whether Germany's position on privacy and data protection will really have changed.

Update The German Data Protection Officer, at a conference aptly entitled "20 years after Orwell", today bemoaned these developments. You can find the text of his speech here.

0 Comments:

Post a Comment

Links to this post:

Create a Link

<< Home