What happens when a country no longer trusts its data is safe? It starts building

In Germany, privacy concerns mean an increase in data security centres in the country and interest from international companies.
Written by Michael Filtz, Contributor

Last November, when American lawmakers and secret service representatives visited Germany to meet with their German counterparts, the country's influential news magazine Der Spiegel published a series of articles whose headlines expressed contempt for the US' lack of concern with the post-Snowden fallout.

"The Obama administration dispatched two lawmakers to Berlin this week to help ease concerns about the NSA spying scandal," the magazine reported. "Yet the word 'sorry' never crossed their lips."

In some ways, the magazine's reporting may reflect a wider anxiety in the country. Individuals and businesses, concerned with data privacy in the wake of the Snowden leaks (as well as a few recent highly-publicised, widespread cases of identity theft), are increasingly demanding more protection.

And the country's malaise is becoming more pervasive: a study released late last year by BITKOM, Germany's technology trade body, found that 80 percent of German internet users felt that their data was unsafe. (The same survey done in July 2013, right after the leaks, found that 66 percent considered their data at risk.)

In the face of this, Germany already has some of the continent's toughest data privacy regulations. The country has a complex system of rules that govern the collection and storage of data, with a stringent notification system for surveillance. For instance, video surveillance can only be used for three distinct purposes, and even then "suitable measures shall be taken to make clear that the area is being monitored and to identify the controller", according to the Federal Data Protection Act.

And yet, some Germany-based cloud service providers say that, since last year, they have seen an increase in interest in data security.

"We do see that there is an increase in policy discussion," Sven Denecken, SAP's vice president for cloud strategy told ZDNet. And as such, "the current debate on data security of course has raised understandable concerns among both private and public users".

Likewise, Jürgen Kohr, the head of Deutsche Telekom's cybersecurity unit, said that he has seen an increasing interest in privacy issues as well. "What we saw last year was a huge fight, starting with PRISM in June," Kohr said. And "now we see that the demand is coming in more and more," with customers asking, "how will we prepare ourselves in the future? How are we really threatened?"

This concern is prompting a flurry of construction, as companies rush to build new data security centres in the country. Last month at the CeBit conference in Hanover, Deutsche Telekom said that it plans to build a cyber defence centre, where the company hopes to "identify cyber attacks significantly earlier than was previously possible", according to a statement from the telco.

Furthermore, the Federal Ministry of Education and Research has announced that it would set up two "data competence centres" in Berlin and in Dresden this year, and begin funneling some €20m a year to research data security. (The ministry already operates three security centres in the country.)

But perhaps more surprisingly, this is coinciding with an increase in interest from international companies. Nokia recently announced that it would establish a mobile broadband security centre in Berlin, where it will research security issues by performing threat simulations and testing solutions. Hermann Rodler, the company's managing director in Germany, said that geography absolutely played a role in the choice of location. "Europe and specifically Germany are leading drivers for the highest standards of telco security and privacy protection," he said in a statement.

And more might be coming: according to the Wall Street Journal, Amazon recently hinted that it might build a data centre in Germany — locating a datacentre on their home turf is often viewed as a way to offer better data security to local customers.

Flocking to Germany for better protection?

Why would large international companies like Nokia and Amazon want to set up their data shops in Germany? Amazon's vice president told the Wall Street Journal that it was due to vocal demand by customers in the country. Germany was "'one of the few countries' where customers are asking for a datacentre 'on their own soil'", the newspaper reported.

Beyond that, it might be because Germany, with its strict privacy laws and modern infrastructure, is the best thing they can get: having their data in a place that's tough on privacy will allow them to better deal with most other countries who might have less strict laws.

This can be an attractive proposition, even for those who aren't Amazon or Nokia. A recent survey of ICT professionals found that the vast majority of those surveyed said that they are changing their cloud-buying behaviour as a direct consequence of the Snowden revelations.

And indeed, SAP's Sven Denecken said that, because of Germany's privacy laws, some of the company's international customers are beginning to request that their data is hosted within the customers borders.

"I have customers who come from outside Germany who want to have their data in a German datacentre," he said, due to the perception that the country has the "highest standards" for data security.

Read more on changing attitudes to data security

Editorial standards