Measures for better privacy protection

Progress report of 14 August 2013

Speaking at a press conference on 19 July where she presented her eight-point programme for better privacy protection, Federal Chancellor Angela Merkel stated: Germany is a land of freedom. In our society, security is also a fundamental value freedom and security are two sides of the same coin. The Federal Government is conscious of its responsibility to protect the people of Germany from terrorist attacks, crime, and from the invasion of their privacy. In order to maintain the right balance between freedom and security, the relevant legislation has to be constantly revised and adjusted. Germany is part of a globalised world and maintains multiple and diverse international links. For historic reasons, different countries with their different histories vary in their views on what constitutes the correct balance between freedom and security. In response to recent events and their media coverage, our citizens are rightly demanding answers about the protection of their privacy. The Federal Government is taking their concerns seriously: it remains in close contact with the United States and other friendly states. Moreover, it will advocate higher standards of privacy protection at international level, whilst also giving appropriate consideration to national security and the needs of the business community. At national level, the Federal Government will consult with policy-makers and representatives of associations, the lnder, science, the IT sector, and companies that use these technologies, to find ways of promoting the use of IT security products developed by trustworthy manufacturers. The following is a detailed list of the measures the Federal Government has taken since 19 July 2013 and is vigorously pursuing: 1) Cancellation of administrative agreements These agreements that were concluded between Germany and the United States of America, the United Kingdom, and France in 1968/1969 laid down a procedure whereby foreign authorities could request that data protected under the principle of privacy of correspondence, posts and telecommunication be passed on to them in the interest of the safety and security of their troops stationed in Germany. These requests had to be lodged with the Federal Office for the Protection or the Constitution or the Federal Intelligence Service. On behalf of the Federal Government, the Federal Foreign Office exchanged diplomatic notes with the United States of America and the United Kingdom on 2 August and with France on 6 August, whereby the respective administrative agreements were terminated by mutual consent. This also marked the successful conclusion of this part of the initiative that was begun by Federal Minister of the Interior Hans-Peter Friedrich on 12 July 2013 during his trip to the United States.

Furthermore, the Federal Government is in favour of a declassification of the administrative agreements with the United States and France, so that this information can be made available to the public. The Federal Government had already achieved the declassification of the agreement with the UK in 2012. 2) Talks with the U.S. Talks with the U.S. to establish whether and to what extent data has been mined in Germany are continuing at expert level. The Federal Office for the Protection of the Constitution has set up a working unit for NSA surveillance. Their findings will be reported to the Parliamentary Control Panel. The Federal Government is pursuing its dialogue with the U.S. authorities to secure answers to the questionnaire that has been submitted to the U.S.

The Federal Government responded to the first media reports about U.S. surveillance programmes immediately and commenced its investigations. From the outset, numerous channels have been used in pursuit of answers. The Federal Chancellor has held in-depth talks with President Obama on the subject, asking for the facts of the matter to be elucidated. To reinforce this political message, Foreign Minister Guido Westerwelle and Minister of Justice Sabine LeutheusserSchnarrenberger have made similar requests to their respective counterparts, Secretary of State John Kerry and Attorney General Eric Holder. In the various discussions he has held with Vice-President Biden and others, Federal Minister of the Interior Friedrich has been pressing for answers in the interest of transparency. Other talks have been held at expert level. Furthermore, back at the beginning of June, the Federal Ministry of the Interior submitted a questionnaire to the U.S. Embassy in Berlin. These initiatives have been key in ensuring that the matter is investigated further. The U.S. side has now stated that its actions are in line with German and U.S. law. Neither the Federal Government, nor the operators of large internet exchange points in Germany have any evidence that the U.S. is conducting activities to intercept data on German soil. The EU-U.S. Working Group will continue to pursue its investigations. Following the talks Federal Minister of the Interior Friedrich held in Washington in July 2013, the U.S. have launched a large-scale declassification process so that parts of the U.S. data collection programme can be revealed to the public. Talks about this process are continuing, not least at expert level. At the Federal Office for the Protection of the Constitution, work has begun on a Special evaluation of U.S., UK and French technical intelligence services activities pertaining to Germany. Under the chairmanship of the authoritys Vice President, experts from across the different Directorates-General have formed an interdisciplinary working group to investigate these matters.

The Federal Government has been reporting its findings to the Parliamentary Control Panel (in its meetings on 12 and 26 June, 16 and 25 July, and on 12 August 2013) and will continue to do so. The relevant Bundestag Committees have also been informed. 3) UN Agreement on Data Protection At international level, the Federal Government is advocating negotiations for an Optional Protocol to Article 17 of the UN International Covenant on Civil and Political Rights of 19 December 1966. Under Article 17, no one shall be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence. The Optional Protocol to this Article would provide for privacy protection in the digital sphere. On 19 July 2013, Federal Minister of Justice Leutheusser-Schnarrenberger and Federal Foreign Minister Westerwelle wrote to their respective counterparts in the EU Member States to suggest an initiative for better privacy protection in the digital sphere. This initiative involves drawing up an Optional Protocol to Article 17 of the UN International Covenant on Civil and Political Rights of 19 December 1966 to ensure that no arbitrary or unlawful interference with a persons privacy, family, home or correspondence occurs. As part of the Federal Governments effort to promote this initiative, Federal Foreign Minister Westerwelle presented it at the meeting of the External Relations Council on 22 July and at the meeting of the four Foreign Ministers of German-speaking countries on 26 July 2013. The Federal Minister of Justice will be raising the matter at the meeting of the four Ministers of Justice of German-speaking countries on 25 and 26 August. The motivation behind the initiative is to enshrine digital civic rights in international law. Furthermore, at the margins of the informal meeting of Ministers for Justice and Home Affairs on 18 and 19 July, Federal Minister of the Interior Friedrich made a proposal for a Digital Rights Charter for data protection. This autumn, the Federal Ministry of the Interior will be tabling specific proposals, which, following discussions within the Member States and subsequent harmonisation, will be available for discussion at all international levels. 4) General Data Protection Regulation Germany is a driving force for the work on a General Data Protection Regulation at European level. The Federal Government is in favour of introducing a provision that will require companies to inform the authorities whenever data is passed on to third countries. France and Germany have launched a joint initiative to this effect.

On 31 July 2013, the Federal Government submitted a proposal for EU legislation that would require companies that submit data to authorities in third countries to report such steps and seek prior approval for them. The regulatory proposal envisages that in the future, the transmission of data to third countries will have to be subject either to the strict procedures of legal and administrative assistance (always in the field of criminal law), or to advance permission by the data protection authorities. Moreover, the Federal Government reiterates the call for an immediate evaluation of the Safe Harbour system, which the two lead Ministers in the area of data protection, Minister of the Interior Friedrich and Minister of Justice Leutheusser-Schnarrenberger had already voiced alongside with France, at the informal meeting of Ministers of Justice and Home Affairs on 19 July 2013. The Federal Government is seeking to include safeguards in the General Data Protection Regulation, which in line with the principles of Safe Harbour will provide for suitably high standards for certification systems in third countries. The intention is to create a legal framework that will ensure that companies which operate within systems like Safe Harbour firmly commit to certain minimum standards for the protection of personal data and that their compliance with these standards is monitored in an effective way. Moreover, the Federal Government is in favour of convening special meetings at expert level in September where the Member States could debate on future rules on the transmission of data to third countries and also look at the German proposal. This way, the Ministers could make the necessary political decisions as soon as October. 5) Joint standards for intelligence services The Federal Government advocates joint standards for the foreign intelligence services of EU Member States, to be drawn up by the Member States. The Federal Government advocates for joint standards for the foreign intelligence services of EU Member States, to be drawn up by the Member States. The Federal Government has asked the Federal Intelligence Service to draw up a draft proposal. The Federal Intelligence Service has responded to this request by inviting representatives of its EU counterparts to a first meeting. Furthermore, there are plans for an agreement with the United States, based on the following principles on which oral agreement has already been reached with the U.S.: No violations of each others national interests; No spying on each other; No industrial espionage;

No violations of the respective law of the land.

6) European IT Strategy The Federal Government is working with the EU Commission to develop an ambitious IT strategy at European level. This strategy must be based upon an analysis of the system capabilities that are currently lacking in Europe. Its aim is to strengthen European companies so that they have the capabilities to develop innovative solutions that can give both Germany and Europe a competitive advantage as centres for business. Such solutions are also needed in order to ensure secure internet use. Europe needs successful providers of web-based business models. The Federal Government is providing support for German business and science so that they can broaden their expertise in key information and communication technologies. This support is targeted at hardware and software development, particularly in the area of internet technologies. Federal Minister of Economics and Technology Dr Philipp Rsler is currently involved in close dialogue with the business community and research institutes in the interests of conducting an unbiased analysis that seeks to identify the strengths and weaknesses of Germany/Europe as an IT base and to pinpoint strategic fields of action to ensure for a European ICT strategy that is fit for the future. A key point of such a strategy would be to encourage young entrepreneurs to set up new companies, and the Young Digital Economy advisory council at the Federal Ministry of Economics and Technology is developing specific recommendations for action on how the Government can foster entrepreneurship and IT start-ups in the digital economy. Federal Minister for Education and Research, Prof. Johanna Wanka, remains committed to ensuring that the areas of privacy, IT, and cyber security are given greater attention within Horizon 2020. The Federal Government is to develop key elements for an ambitious national and European ICT strategy and is to bring these to the discussion at European level. Federal Minister of Economics and Technology Dr Philipp Rsler has already made contact with the European Commissioner in charge in order to compile an agenda in preparation for the meetings that are to take place at expert level shortly. The discussions will not only focus on solutions for secure data communication, e.g. for secure cloud computing, but will also revolve around opportunities for better cooperation between the young digital economy and established industries. The working groups of Federal Governments National IT Summit are assisting with the drafting of a joint European ICT strategy. Initial results will be presented at the National IT Summit to be held on 10 December 2013. In addition, the Federal Government is pushing for the bundling of measures aimed at improving cyber security in the European Union and is calling for effective implementation of the cyber security strategy that has been presented by the European Commission and the

European External Action Service. The proposed measures are designed to maintain industrial and technical resources for cyber security in Europe, to boost the internal market for IT security products and to foster research and development in the area of IT security as well as strengthen the competitiveness and credibility of the IT security industry. 7) Round Table on IT security technology A Round Table on IT security technology composed of representatives from politics, research institutes and the private sector will be implemented at national level. The Federal Office for Information Security will provide expert support to panel the members representing the policy-making side. One of the aims of the Round Table will be to establish better policy conditions in Germany which are also especially favourable for producers of security technology. Federal IT Commissioner and State Secretary Cornelia Rogall-Grothe has sent out invitations to the Round Table, which is to be held at the beginning of September. The outcome of this meeting will provide policy-makers with important input for the next parliament and will also be discussed at the National Cyber Security Council. The results of the discussions will also be fed into the Federal Governments National IT Summit process. The Round Table is being convened in order to make Germany more independent in the area of ICT. It will be bringing together representatives from politics, associations, the lnder, science, IT companies and companies using IT technologies for discussions on issues including funding for IT security measures as an indirect means of boosting the market, possibilities of how government can steer and pool demand for innovative IT security products and foster research in this area, as well as possible ways of better serving the national interest in public procurement of ICT within the bounds of EU procurement law. The idea for a new IT investment programme, which would promote the development of IT security technology by making use of this technology in the IT and electronic communications systems of the Federal authorities, will also be brought to the table. Furthermore, the Federal Ministry of Education and Research provides funding for three scientific centres of excellence for cyber security, whose Security by Design report, which provides important input for future research and development, was recently presented to the National Council for Cyber Security. 8) Deutschland sicher im Netz [Germany securely online] The Deutschland sicher im Netz Association will be scaling up its work to inform and educate both the general public and businesses about how to best protect their data. Deutschland sicher im Netz. e.V. was launched in 2006 as part of the Federal Governments IT Summit and operates under the patronage of Federal Minister of the

Interior Friedrich. The Federal Government has now stepped up its co-operation with the association and supports its work of distributing information material and running awareness-raising campaigns. New so-called commitments for action are about to be drawn up by the members of the association and its advisory council. At the last meeting of the National Council for Cyber Security on 1 August 2013, the Federal Ministries agreed to consider co-operation with the association on future awarenessraising campaigns. Furthermore, the Federal Office for Information Security is further expanding its successful co-operation with the association by increasing its online information services, which are available at: www.bsi-fuer-buerger.de. The Federal Ministry of Economics and Technology, in its work to raise the issue of IT security, is targeting small and medium-sized companies in particular. A compilation of useful information on the secure use of ICT is available at: www.it-sicherheit-in-derwirtschaft.de. In addition, the Federal Ministry of Food, Agriculture and Consumer Protection has long been actively supporting projects seeking to provide consumers with information about data protection online, particularly on secure surfing and data protection in social networks: www.verbraucher-sicher-online.de, www.surfer-haben-Rechte.de;www.watchyourweb.de. Other legislation under review In the interest of better protection of the citizens personal data, the Federal Government will also be reviewing the existing legislation pertaining to telecommunications and IT security for any need for amendments and to establish how to promote the use of secure ICT technology so that members of the public and companies can communicate securely in private. Under the Telecommunications Act, foreign security agencies are banned from accessing telecommunications data collected in Germany. Should these agencies require such data from Germany, they have to lodge a request for mutual legal assistance with the German authorities, which will examine the request and instruct the network operators to act accordingly. Transmitting data collected in Germany to foreign security services without such authorisation is an offence punishable by fine. The Federal Government is currently reviewing the need for stronger data protection and IT security standards for telecommunications companies. As part of this review, the Federal Ministry of Economics and Technology is having the relevant provisions of the Telecommunications Act reviewed in the light of recent developments. The Federal Network Agency and the Federal Office for Information Security are jointly reviewing the existing security requirements to see whether there is a need for adjustment. Companies and the general public alike can increase their levels of protection against spying by making more use of IT security technology to protect their personal and corporate data. The Federal Government will be looking into possibilities of fostering this and will be raising the matter during the upcoming negotiations for an IT Security Act.