An Overview: Surveillance Practices in Germany
Germany is strengthening its surveillance laws on grounds of national security concerns. The Bundestag approved a series of broadened security measures that will see increased video surveillance.
In effect, the new act will make it easier for private companies to install surveillance cameras in areas open to the public, particularly in shopping centers, by sports stadiums and in parking lots. It also introduces small body cameras for police, while the federal police get systems for scanning car license plates.
Toughening up the country’s security has been a key priority for German politicians after recent high-profile attacks, from the New Year’s Eve 2015-2016 sexual assaults in Cologne to the truck attack at the Christmas market in Berlin.
However, increasing surveillance brings parallels with the oppressive security apparatus of the Communist East Germany. Therefore, any related legislative debate turns into a delicate balancing act between strengthening security and maintaining privacy rights.
Data Retention Act
The highly disputed law on the retention of personal data was passed in late 2015 and entered into force on January 4, 2016. Legislators had originally planned to adopt the draft act before the summer recess of the Bundestag, but the plan was abandoned due to widespread criticism.
The 2016 act calls for retention of various call detail records (CDRs) by German telecommunication and Internet providers. These include phone numbers, the date and time of phone calls and text messages, the content of text messages, and the locations of phone call participants. In addition, Internet service providers (ISPs) are compelled to store user metadata such as IP addresses, the date and time of Internet access, and port numbers.
Providers are required to retain CDR and metadata for 10 weeks and phone location data for 4 weeks. In an attempt to address data security and privacy concerns, the act provides extensive technical requirements for how providers must store the collected data. The most notable of those is the stipulation to physically store the data in Germany.
The Data Retention Act remains controversial in Germany. First of all, the German Federal Constitutional Court had already declared the previous data retention law unconstitutional due to various issues with telecommunications secrecy and data privacy. The existing law is also contentious from the constitutional perspective, and the requirement to store data in Germany may contradict the EU principles of freedom of services and free data flow.
The new measures of increased video surveillance have also faced extensive criticism. According to the opposition, they amount to a massive intrusion on constitutional rights yet offer no actual security benefits. Johannes Caspar, the Hamburg commissioner for data protection, told the parliament that the new law would “pave the way for total surveillance of the public space.”
Many Germans, concerned about their digital privacy, have turned to various online security services. Virtual private networks (VPN) are among the tools that offer the most effective protection. A VPN service, such as NordVPN, reroutes all Internet traffic through a strongly encrypted tunnel, hiding it from surveillance by ISPs or advertisers. Besides, NordVPN keeps no logs of its customers’ activities, meaning it cannot supply any data to the authorities.