Tuesday, March 22, 2005

German authorities backing down over financial privacy issue

In a posting a in November 2004 I had written about a new law -- the somewhat Orwellian sounding “Law for the Advancement of Tax Honesty” -- that would allow German tax authorities, social services and the employment office to find out about citizens' financial accounts -- and how that seemed to contradict Germany's long-standing tradition of being a champion of data protection (you find the original posting here).

As already mentioned in that earlier post, a small German cooperative bank (Volksbank Raesfeld, more information here) brought that topic before the German Constitutional Court. Now that the Court is about to pronounce on the case in the next couple of days, German authorities seem to become more flexible in their interpretation of the law -- perhaps in order to avoid defeat. As Sueddeutsche Zeitung, one of the country's leading newspapers, reports today (no online version available unfortunately), the Federal Finance Ministery has now issued guidelines for the procedures to be used with respect to the law.

Citizens are now to be informed after the query of the account has taken place, and they may even be invited to pass on the information themselves. It is now also planned that citizens will have the right to legal action against the query. Furthermore, any query will have to be authorised by a superior in the authority demanding access to the data, and reasons will have to be given.

None of this was initially planned or can be found in the wording of the law. The interesting question now is whether the Constitutional Court will deem this sufficient to attest that the law does comply with the German constitution.

Update: Today (23 March) the German Constitutional Court announced that it will not declare the law unconstitutional for now but await further developments. An application had been made to grant an interim measure before the law enters into force on 1 April. Interestingly, the Court explicitly referred to the Financial Ministry guidelines mentioned above. Further information can be found on the Constitutional Court website.

Thursday, March 10, 2005

More U.S. customer data stolen

After the ChoicePoint case, another large scale data theft has been uncovered in the United States.

As Yahoo and slashdot report, approximately 32,000 U.S. citizens' profiles have been stolen from LexisNexis subsidiary Seisint. Apparently, the information accessed includes names, addresses, social security numbers and driver's license information -- but not credit histories, medical records or financial information.

It is likely that this new incidence of (potential) identity theft will increase the propensity of the political system to take counter measures. As reported in a previous entry of this blog, members of the Senate have already reacted to this and plan to hold hearings. Florida Democratic Sen. Bill Nelson has introduced a bill that would impose tougher regulations on the data industry.

The accumulation of problems in this area might create a policy window for tightening regulation -- but that remains speculation at this point.