Privacy-keen Germans push back against plans to 'duplicate the US data chaos'

Proposals that German firms could start scooping up more than just essential personal data have been met with anger by privacy advocates.
Written by David Meyer, Contributor

The changes to how much personal data can be collected in Germany could come in the form of post-election legislation.

Image: Getty Images/iStockphoto

Angela Merkel's CDU party, which is preparing for likely re-election in September, wants to make Germany more open to big-data business by relaxing a key element of its data-protection regime.

On Tuesday, Der Spiegel reported on a CDU strategy paper that criticizes the principle of data minimization, or Datensparsamkeit. The term refers to collecting only the data you really need through sensors and online platforms, rather than scooping up as much as you can.

According to the CDU document, data minimization should no longer be a general guideline as it "reduces opportunities for new products and services and potential progress".

The paper acknowledges there is likely to be resistance to the idea in the famously privacy-keen country, so any shift would require a "trust basis", but changes should nonetheless come in the form of post-election legislative measures.

Germany's strong data-protection laws are partly a function of its history. It experienced excessive surveillance by both the Nazi and East German regimes in last century.

However, much of Germany's industrial strength lies in sectors such as automotive, where big data is becoming a core part of the way companies do business. So, in recent years, much of German industry has been calling for a relaxation of the laws to allow businesses to surf this wave.

"We have to see data as something you can work with, and if you try to minimize data, you don't have data to work with," said Andreas Streim, a spokesman for Germany's Bitkom digital industry association. "We have to find a balance between security and privacy and the possibility for new business models."

Rights activists see things quite differently. Joe McNamee, the executive director of the Brussels-based European Digital Rights (EDRi), said a shift towards recording and exploiting more data would reduce people's trust in European digital services.

"The CDU is, apparently with a straight face, trying to duplicate the US data chaos to support EU industry, removing European companies' and the European legislative framework's biggest competitive asset," McNamee said.

He pointed to a 2016 report from the US Commerce Department's National Telecommunications & Information Administration, which stated that fears over online security and privacy were "prompting some Americans to limit their online activity".

"The [CDU's] political spin is horrifyingly ill-informed, ill-conceived and naïve," McNamee said.

It is indeed difficult to see how the plans of Merkel's party square up with the incoming EU General Data Protection Regulation (GDPR). The legislation, which will come into effect next May, includes data minimization as a core principle, stating: "Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed."

"The problem here is that [the CDU] doesn't really see that data minimization is only an issue if you talk about personal data," said Jan-Philipp Albrecht, the German Green member of the European Parliament who championed and steered the GDPR.

"Much of [the discussion around] data analytics and science is not necessarily about personal data, but about industrial data. In this area, of course when it comes to non-personal data, nobody wants data minimization. Everyone wants as much data as possible. If they call for authorities to release data to the benefit of innovators et cetera, then of course we're all on board."

But where data about identifiable individuals is concerned, Albrecht warned, data minimization was essential to give people control over the information they share.

"I don't think they fully understand this, but they throw everything in the same box and say 'Data minimization; we shouldn't do this anymore'," he said.

The MEP also pointed out that the European People's Party, the European Parliament bloc of which the CDU is a core member, enthusiastically backed the new EU law.

"They ignore the fact that their government and party family has unanimously voted in favor of a full mentioning of data minimization in the GDPR. It's bizarre if they call for an end to it, as they've just voted for a law to preserve it."

"They should be careful about not looking ridiculous if they call for these things."

More on data privacy

Editorial standards