Germany is working toward being the most secure digital data site in the world. But as the world’s citizens knit together in networks that aren’t confined within geopolitical borders, the governments of individual countries with strong values face complex legal and trade-related issues when trying to assert them.
A serious emphasis on privacy is embedded in German law, and even more deeply ingrained in German culture. The 1949 German constitution created after WWII forbids spying on German citizens, and challenges to the fierce protection of privacy tend to spark quick, wary references to the past. The Federal Data Protection Act was established in 1990, and has continued to be strengthened since then.
Digital Society, in Berlin, is a group of 35 industry specialists (such as copyright lawyers, cryptography professors and journalists) formed in 2010 to keep the public educated about data privacy issues, and to propose legislation to the German parliament. “In Germany,” said Markus Beckedahl, one of Digital Society’s founders, “privacy is a civil right, and in the United States, it’s an option.” Edward Snowden’s 2013 revelations about the US data collection of German citizens’ phone conversations by the NSA dominated German media for a while, and damaged German-American relations.
But pressures from the EU and international giants like Google and Amazon, push data-sharing agreements that prioritize corporate profits and consumer convenience, as well as fears, such as that of terrorism. Many countries are building policy around such concerns, but Germany would like to avoid capitulation to compromised security standards, even as it retains leadership as an economic power.
A recent survey by auditor KPMG and the German digital trade association, Bitkom, shows that 83% of German companies expect their cloud provider to retain its data centers in Germany, while 74% want them to at least be located somewhere in the EU. This is not a perspective that supports such strategies as the EU plan to create the Digital Single Market (DSM), which would be a unified EU digital market that eliminates regulatory barriers for online services and goods.
Nor does this attitude embrace the EU-US Privacy Shield agreement that went into effect in July of 2016. That agreement gives companies the legal right to transfer data from the EU to the US, but with required US Department of Commerce reviews. Resistance continues, however, although one compromise that seems to be effective as practiced by companies such as Microsoft, is to assign “data trustees” within Germany, no matter where the data is physically stored or what levels of encryption it has undergone.
Awareness of this highly sensitive issue is important to keep in mind when dealing with German clients, maintaining respect for boundaries you may not be accustomed to dealing with. Skrivanek Group is well acquainted with all the relevant subtleties of the German culture and language, as well as the country’s laws, including the new and volatile area of cyber-law.