Germany is double-dealing on European data regulations, according to negotiators on a new EU regulation, by demanding high privacy standards in public while promising lobbyists to lower proposed standards in closed-door Brussels talks.
Negotiations to replace the 1995 EU data privacy laws, governing who can retain user data and for what purpose, reach a critical stage next week in Brussels. Recent German amendments to the proposed regulation during negotiations at the council of minister have taken other countries – and privacy campaigners – by surprise.
"There appears to be a gap between what German officials say and what is now happening at working group level," said Dr Alexander Dix, Berlin state data protection commissioner, regarding the recent draft proposals.
Some 18 months ago German chancellor Angela Merkel insisted the EU data regulation must meet the "high data protection laws in Germany".
She said the Snowden regulations had made clear why the EU needed new data protection laws to overcome a situation where “
is based in
, and then Irish law applies”. The unspoken implication – that Irish privacy standards are lower than in Germany – is widely held by German data privacy officials and campaigners.
But now these same officials fear lobby groups are winning the debate in Brussels to lower existing EU data sharing standards, and that the country doing their bidding is not Ireland – but Germany.
Of particular concern is a German amendment that could allow user data be passed on to a third party, for another use, without the user’s explicit consent.
This is currently the case for German banks, direct marketing companies and credit scoring companies but not, they fear, under the new EU regulation.
Today's Der Spiegel publishes a lively email correspondence between lobbyists and Berlin's interior ministry on this and other concerns.
Government officials pass confidential documents to lobbyists and ask – in the unusually friendly “du” form – to quickly send “one or two hard points we could bring to the table”.
The fruits of the close contact between lobby groups and the ministry: a demand from Germany that the new regulation must not “be allowed hinder the business of direct marketers and credit rating agencies”.
An interior ministry spokesman denied the correspondence indicated “disproportionate consideration” from its officials for lobby concerns in Brussels. Brussels-based privacy groups have accused Berlin of “short-sighted” hypocrisy.
“Germany has gone off the deep end,” said Joe McNamee, executive director of the EDRI privacy group. “Since the economic crisis there’s been a view there that whatever business wants, business should get.”
His concern is shared by German privacy campaigners.
“Berlin is playing the role of the representative of particularly lobby groups, possibly the marketing and publishing sectors,” said Jan-Philipp Albrecht, a German Green MEP and privacy specialist.
Other EU negotiators at the talks admit there is amusement in Brussels at the gap between Berlin’s public rhetoric and its privacy negotiation strategy.
“Let’s just put it this way: Germany has a thriving market economy with big companies that all want freedom to process data,” said the senior negotiator, who asked not to be named.
Berlin was not explicitly trying to water down proposed EU privacy standards, the negotiator suggested, but was “perhaps taking liberties”.