Database
Restrictions on data
GERMANY
Measure reported - No official source found
Chapter Content access |
Sub-chapter Bandwidth, net neutrality
German Criminal Code - Section 203
The use of Cloud Computing services may – depending on the information stored and the purpose of storing these information – constitute a disclosure of confidential information in violence of professional secrecy in the meaning of Sec. 203 StGB (German Criminal Code).
The professional secrecy includes personal data as well as all facts, which are been obtained for professional reasons. Professionals who are subject to professional secrecy are especially, but not exclusively, lawyers and legal professionals, medical professions, social care, clerical professionals and civil servants.
The professional secrecy includes personal data as well as all facts, which are been obtained for professional reasons. Professionals who are subject to professional secrecy are especially, but not exclusively, lawyers and legal professionals, medical professions, social care, clerical professionals and civil servants.
Coverage Cloud Computing
Source
- is this data localisation???
Restrictions on data
GERMANY
In August 2015
Chapter Content access |
Sub-chapter Bandwidth, net neutrality
Kriterien für die Nutzung von Cloud-Diensten der IT-Wirtschaft
durch die Bundesverwaltung
durch die Bundesverwaltung
In general, the storage and processing of public registers / records with sensitive data of citizens (such as records of the tax authority or criminal records or registers of births, marriages and deaths or weapon registers or registers of data of social security institutions) may not be outsourced. Moreover, restrictions on cloud computing may arise from the exclusive access of civil servants to the exercise of sovereign powers, which is granted by the German Costitution (Art. 33(4)).
The requirements vary between different States in Germany. For example, in Brandenburg the authorities which store a register of the residency of Brandenburg’s citizens are only allowed to use private Cloud Computing services which are located in Brandenburg (Sec. 35 BbgMeldeG).
In August 2015, Germany issued nationwide guidelines that prohibit government agencies from using clouds to store sensitive data if the cloud company processes data outside the Germany. Cloud providers could qualify for the "German cloud" certification if their servers and company headquarters are located in Germany. However, the proposal was later withdrawn.
The requirements vary between different States in Germany. For example, in Brandenburg the authorities which store a register of the residency of Brandenburg’s citizens are only allowed to use private Cloud Computing services which are located in Brandenburg (Sec. 35 BbgMeldeG).
In August 2015, Germany issued nationwide guidelines that prohibit government agencies from using clouds to store sensitive data if the cloud company processes data outside the Germany. Cloud providers could qualify for the "German cloud" certification if their servers and company headquarters are located in Germany. However, the proposal was later withdrawn.
Coverage Cloud Computing
Restrictions on data
GERMANY
Reported in 2013
Chapter Content access |
Sub-chapter Bandwidth, net neutrality
Blocking Voice over Internet providers (VoIP)
Freedom House has noted that most German mobile providers contractually prohibit services such as Voice over Internet Protocol (VoIP) or even instant messaging.
Coverage Voice over Internet providers (VoIP)
Restrictions on data
GERMANY
In 2014
Chapter Content access |
Sub-chapter Censorship and filtering of web content
European Court of Justice ruling - Case C-314/12 "UPC Telekabel Wien GmbH v Constantin Film Verleih GmbH and Wega
Filmproduktionsgesellschaft mbH"
Filmproduktionsgesellschaft mbH"
The European Court of Justice has interpreted in 2014 that Internet Service Providers (ISPs) may be ordered by national courts to block customer access to a copyright-infringing website. This ruling aims to limit online piracy.
Under the circumstances of the ongoing dispute between YouTube and GEMA (German Society for Musical Performance and Mechanical Reproduction), copyright infrigement material has been blocked from the website.
Under the circumstances of the ongoing dispute between YouTube and GEMA (German Society for Musical Performance and Mechanical Reproduction), copyright infrigement material has been blocked from the website.
Coverage Internet service providers (ISPs), Youtube
Restrictions on data
GERMANY
Since March 2016
Chapter Intermediary liability |
Sub-chapter Lack of safe harbor for intermediary liability
Bundesgerichtshof [Federal Court of Justice of Germany], Sixth Civil Section, Jameda, VI ZR 34/15
The Federal Court of Justice (Bundesgerichtshof), the highest court in the system of ordinary jurisdiction in Germany, established a case of intermediary liability for anonymous reviews published in review portals. Intermediaries are under the obligation to verify the accuracy of reviews upon request. In effect, these entities are therefore obligated to monitor reviews if the anonymity of their portal makes it difficult for the person affected (the reviewed) to directly address the reviewer.
Coverage Review Portals
Restrictions on data
GERMANY
In 2007
In 2010
In 2010
Chapter Intermediary liability |
Sub-chapter Lack of safe harbor for intermediary liability
Court rulings
An Hamburg Court ruled that YouTube could not benefit from a liability exemption for hosting providers because it presents the uploaded by third parties content as its own content. On the other hand, the Bundesgerichtshof ruled that an image search service could benefit from the liability exemption for hosting as per Article 14 of e-Commerce Directive without specifying why a search engine should be classed as a hosting provider.
The German Regional Court of Munich considered Usenet (a system in which users post messages to a newsgroup) as a caching provider because information was mirrored and stored on its service for about 30 days.
The German Regional Court of Munich considered Usenet (a system in which users post messages to a newsgroup) as a caching provider because information was mirrored and stored on its service for about 30 days.
Coverage Image and video sharing services, blogs, discussion fora and social network
Restrictions on data
GERMANY
Since October 2017
Chapter Intermediary liability |
Sub-chapter Lack of safe harbor for intermediary liability
Netzwerkdurchsetzungsgesetz [Act to Improve Enforcement of The Law in Social Networks - also referred to as Hate Speech Law]
In June 2017, the German government passed a law which requires companies including Facebook, Twitter and Google to remove any content that is illegal in Germany — such as Nazi symbols or Holocaust denial — within 24 hours of it being brought to their attention. The law allows for up to seven days for the companies to decide on content that has been flagged as offensive, but that may not be clearly defamatory or inciting violence. Companies that persistently fail to address complaints by taking too long to delete illegal content face fines that start at EUR 5 million and could rise to as much as EUR 50 million. The law took effect in October 2017.
Coverage Platforms
Restrictions on data
GERMANY
Since 2007
Chapter Intermediary liability |
Sub-chapter Lack of safe harbor for intermediary liability
Directive 2000/31/EC (e-Commerce Directive)
Telemedia Act
Telemedia Act
The Directive 2000/31/EC (E-Commerce Directive) is the legal basis governing the liability of Internet Services Providers (ISPs) in the EU Member States and includes a conditional safe harbor. The Directive covers any type of infringement of third-party rights, including intellectual and industrial property rights and personality rights.
The limitations on liability in the Directive apply to clearly delimited activities (mere conduit, caching and hosting) carried out by internet intermediaries, rather than to categories of service providers or types of information. While it was not considered necessary to cover hyperlinks and search engines in the Directive, the Commission has encouraged Member States to further develop legal security for Internet intermediaries.
Since not all Member States have transposed the relevant articles consistently, the national case law is divergent and leads to legal insecurity on an EU level.
The Telemedia Act is based on the E-Commerce Directive. However, Germany does not use the term "actual knowledge" in its transposition of Article 14, but refers merely to "knowledge."
The limitations on liability in the Directive apply to clearly delimited activities (mere conduit, caching and hosting) carried out by internet intermediaries, rather than to categories of service providers or types of information. While it was not considered necessary to cover hyperlinks and search engines in the Directive, the Commission has encouraged Member States to further develop legal security for Internet intermediaries.
Since not all Member States have transposed the relevant articles consistently, the national case law is divergent and leads to legal insecurity on an EU level.
The Telemedia Act is based on the E-Commerce Directive. However, Germany does not use the term "actual knowledge" in its transposition of Article 14, but refers merely to "knowledge."
Coverage Internet intermediaries
Restrictions on data
GERMANY
Chapter Data policies |
Sub-chapter Other
German Federal Data Protection Act
German Criminal Code - Section 203 STGB
German Criminal Code - Section 203 STGB
In certain states, public and private hospitals can use IT services external to the hospital only if they obtain prior consent of the subject or if there is prior anonymisation of the patient data.
Coverage Cloud Computing
Source
- Measure reported - No official source found
Restrictions on data
GERMANY
Chapter Data policies |
Sub-chapter Other
German Social Law Code Book 10 - Section 80 SGB X
In general, the collection, use and processing of social data shall be entrusted to public servants who owe their services and loyalty to the state. The use of cloud computing by private entities is subject to certain restrictions. It must ensure the absence of disturbances during the operations, lead to significant cost savings and the major part of the database has to remain with the respective public authority.
Coverage Cloud Computing
Source
- Measure reported - No official source found
Restrictions on data
GERMANY
Chapter Data policies |
Sub-chapter Other
German Criminal Code - Section 203
The use of Cloud Computing services may – depending on the information stored and the purpose of storing these information – constitute a disclosure of confidential information in violence of professional secrecy in the meaning of Sec. 203 StGB (German Criminal Code).
The professional secrecy includes personal data as well as all facts, which are been obtained for professional reasons. Professionals who are subject to professional secrecy are especially, but not exclusively, lawyers and legal professionals, medical professions, social care, clerical professionals and civil servants.
The professional secrecy includes personal data as well as all facts, which are been obtained for professional reasons. Professionals who are subject to professional secrecy are especially, but not exclusively, lawyers and legal professionals, medical professions, social care, clerical professionals and civil servants.
Coverage Cloud Computing
Sources
- Measure reported - No official source found
- is this data localisation???
Restrictions on data
GERMANY
In August 2015
Chapter Data policies |
Sub-chapter Other
Kriterien für die Nutzung von Cloud-Diensten der IT-Wirtschaft
durch die Bundesverwaltung
durch die Bundesverwaltung
In general, the storage and processing of public registers / records with sensitive data of citizens (such as records of the tax authority or criminal records or registers of births, marriages and deaths or weapon registers or registers of data of social security institutions) may not be outsourced. Moreover, restrictions on cloud computing may arise from the exclusive access of civil servants to the exercise of sovereign powers, which is granted by the German Costitution (Art. 33(4)).
The requirements vary between different States in Germany. For example, in Brandenburg the authorities which store a register of the residency of Brandenburg’s citizens are only allowed to use private Cloud Computing services which are located in Brandenburg (Sec. 35 BbgMeldeG).
In August 2015, Germany issued nationwide guidelines that prohibit government agencies from using clouds to store sensitive data if the cloud company processes data outside the Germany. Cloud providers could qualify for the "German cloud" certification if their servers and company headquarters are located in Germany. However, the proposal was later withdrawn.
The requirements vary between different States in Germany. For example, in Brandenburg the authorities which store a register of the residency of Brandenburg’s citizens are only allowed to use private Cloud Computing services which are located in Brandenburg (Sec. 35 BbgMeldeG).
In August 2015, Germany issued nationwide guidelines that prohibit government agencies from using clouds to store sensitive data if the cloud company processes data outside the Germany. Cloud providers could qualify for the "German cloud" certification if their servers and company headquarters are located in Germany. However, the proposal was later withdrawn.
Coverage Cloud Computing
Restrictions on data
GERMANY
Since June 2004
Chapter Data policies |
Sub-chapter Administrative requirements on data privacy
Telecommunications Act
Under Germany’s Telecommunications Act, the government has a right to request data stored by telecommunications companies to advance certain prosecutorial and protective functions.
Coverage Telecommunication sector
Restrictions on data
GERMANY
Since June 2017
Chapter Data policies |
Sub-chapter Administrative requirements on data privacy
Remote Communication Interception Software (RCIS) 2.0
In June 2017, the German government passed a law to hand police the power to hack into devices belonging to all people suspected of criminal activity and not just those expected of terror offenses. Germany's security forces are able to hack into WhatsApp, Telegram and other encrypted messaging services as of the end of 2017, using a new version of Germany's state spyware, Remote Communication Interception Software (RCIS).
Coverage Encrypted Messaging
Restrictions on data
GERMANY
Since October 2015
Chapter Data policies |
Sub-chapter Data retention
German Telecommunications Act, as amended in December 2015
Under the Directive on Data Retention, operators were required to retain certain categories of traffic and location data (excluding the content of those communications) for a period between six months and two years and to make them available, on request, to law enforcement authorities for the purposes of investigating, detecting and prosecuting serious crime and terrorism. On 8 April 2014, the Court of Justice of the European Union declared the Directive invalid. However, not all national laws which implemented the Directive have been overturned.
In 2010, the German Constitutional court found the implementation of the Directive on Data retention was unconstitutional. Yet, in October 2015, a new data retention law has passed, which will enter into force in 2017. The law provides that telecommunication providers must retain data such as phone numbers, the time and place of communication (except for emails), and the IP addresses for either four or 10 weeks. The data is to be stored in servers located within Germany (§113b).
In 2010, the German Constitutional court found the implementation of the Directive on Data retention was unconstitutional. Yet, in October 2015, a new data retention law has passed, which will enter into force in 2017. The law provides that telecommunication providers must retain data such as phone numbers, the time and place of communication (except for emails), and the IP addresses for either four or 10 weeks. The data is to be stored in servers located within Germany (§113b).
Coverage Telecommunication sector
Sources
- http://www.gppi.net/publications/data-technology-politics/article/german-bundestag-passes-new-data-retention-law/?L=%27398
- http://www.lexology.com/library/detail.aspx?g=fe41234a-b807-47da-a20e-b725327b537a
- http://www.bundesgerichtshof.de/SharedDocs/Downloads/DE/Bibliothek/Gesetzesmaterialien/18_wp/Verkehrsdaten/bgbl.pdf;jsessionid=08CE7CF1588525E9E664828FC61788C0.2_cid329?__blob=publicationFile