Privacy in Germany 2008: A new fundamental right, a privacy mass movement, and the usual surveillance suspects

(Dieser Artikel ist auch in deutscher Sprache verfügbar)

The year of 2008 can be marked as the year where privacy moved high on the
public agenda in Germany. On 1st of January, the law on data retention went
into effect, which made Germany drop from number one to seven in the country
ranking published by Privacy International. At the same day, a
constitutional challenge was submitted at the supreme court. The German
working group on data retention and its allies managed to have more than
34,000 people participate in this case – the largest constitutional
complaint ever seen in German history. The paperwork had to be brought to
the constitutional court in huge moving boxes, which also offered a nice
photo opportunity for everyone wanting to demonstrate how many people oppose
data retention.

In February we saw the constitutional court decision on secret online
searches of peoples’ hard drives (the “federal trojan”). The court limited
the use of this tool for cases where there are “factual indications of a
concrete danger” in a specific case for the life, body and freedom of
persons or for the foundations of the state or the existence of humans,
government agencies may use these measures after approval by a judge. The
decision was widely considered a landmark ruling, because it also
constituted a new “basic right to the confidentiality and integrity of
information-technological systems” as part of the general personality rights
in the German constitution.

In March, the Chaos Computer Club published the fingerprint of the federal
minister for the interior, Wolfgang Schäuble. This sparked high public
attention and made frontpage news, and proved that biometric athentication
as introduced in the German passport and identity card is not safe at all.
Inspired by the recent successes, the growing number of privacy activists
held a de-central action day in May. Different kinds of activities, like
demonstrations, flash mobs, information booths, privacy parties, workshops,
and cultural activities took place in all over Germany.

Over the summer, some of the biggest German companies helped in raising
public awareness of the risks of large data collections. Almost every week,
there were reports on a big supermarket chain spying on its employees, on
cd-roms with tens of thousands of customer data sets from call centers –
including bank account numbers – being sold on the grey market, on the
largest German telecommunications provider using retained traffic data for
spying on its supervisory board and on high-ranking union members, on an
airline using its booking system to spy on critical journalists, on two
large universities accidentially making all student data available online,
or on a big mobile phone provider “losing” 17 million customer data sets.

The Federal Government, under building public pressure, introduced some
small changes for the federal data protection law, but at the same time
continued its push for more surveillance measures in the hands of the
federal criminal agency (Bundeskriminalamt, BKA). These included the secret
online searches the constitutional court had just cut down to very
exceptional circumstances a few months earlier. The German public discussed
these moves very critically, especially since journalists are exempted from
special protections that are given to priests, criminal defense lawyers, and
doctors.

Because of the public concern and debate about privacy risks, the call to
another mass street protest was even more successful than ever before. The
“Freedom not Fear”action day on 11th October was the biggest privacy event
of the year. In Berlin, between 50,000 and 70,000 persons protested
peacefully against data retention and other forms of “surveillance mania”,
making it the biggest privacy demonstration in German history. Privacy
activists in many cities all over the world participated with very diverse
and creative kinds of activities and turned this day into the first
international action day “Freedom not Fear”.

The anti-surveillance protests finally kicked off some serious discussion
within the Social Democratic Party in a number of the German länder
(states). This resulted in a loss of the majority for the law on the federal
criminal agency (BKA) in the second chamber (Bundesrat) in the first vote.
It only was passed weeks later, after some changes were introduced, and with
heavy pressure from leading federal Social Democrats. The new law is still
seen as unconstitutional by many legal and privacy experts and in January
2009 a case was submitted to the constitutional court.

Privacy activists in the fall of 2008 also campaigned against the retention
on flight passenger name records, forcing Brigitte Zypries, the German
minister of justice, to freeze her plans on the matter until after the
federal elections in the fall of 2009. More recently, the working group on
data retention attacked the “voluntary data retention” proposed in the EU
telecom package, as well as the renewed data exchange agreements between the
EU and the USA.

EDRi-gram: Germany: New basic right to privacy of computer systems
(27.02.2008)
http://www.edri.org/edrigram/number6.4/germany-constitutional-searches

EDRi-gram: German constitutional challenge on Data Retention (12.03.2008)
http://www.edri.org/edrigram/number6.5/germany-data-retention

EDRi-gram: Fingerprinting the fingerprint proponent (9.04.2008)
http://www.edri.org/edrigram/number6.7/fingerprint-schauble

EDRi-gram: German Protests in over 30 cities against surveillance(2.07.2008)
http://www.edri.org/edrigram/number6.13/german-protests-surveillance

EDRi-gram: International Action Day “Freedom not Fear” (22.10.2008)
http://www.edri.org/edri-gram/number6.20/freedom-not-fear-international-day

(contribution by Annika Kremer, Working Group on Data Retention, and Ralf
Bendrath, EDRi member Netzwerk Neue Medien – Germany)