Germany

Free
80
100
A Obstacles to Access 22 25
B Limits on Content 30 35
C Violations of User Rights 28 40
Last Year's Score & Status
81 100 Free
Scores are based on a scale of 0 (least free) to 100 (most free)

header1 Overview

Germany’s online environment remains free, despite concerns related to the adoption of stricter regulations of freedom of expression online. The media and civil society frequently and openly discuss the state of internet freedom in Germany, with internet regulation issues often given great prominence in widely read online news publications. An independent court system provides oversight on regulatory measures adopted by the executive and the legislature. However, new pieces of legislation that expand the online surveillance powers of Germany’s domestic and foreign intelligence services as well as police authorities continued to raise privacy concerns, particularly laws that allow for the monitoring of citizens’ online activities on preventive grounds. Furthermore, new measures on the European level aim to curb online copyright infringement as well as terrorist propaganda, with potential negative side effects for freedom of expression. In order to bolster criminal investigations, a proposed bill against online marketplaces could severely hinder the effective use on anonymization services for online communication.

Germany is a representative democracy with a vibrant political culture and civil society. Political rights and civil liberties are largely assured both in law and practice. The political system is influenced by the country’s totalitarian past, with constitutional safeguards designed to prevent authoritarian rule. Although Germany has generally been stable since the mid-20th century, political tensions have grown following an influx of asylum seekers into the country and the growing popularity of a right-wing party, among other issues.

header2 Key Developments, June 1, 2018 - May 31, 2019

  • The European Directive on Copyright, which the EU approved in April 2019, was met with opposition, with large online and offline protests taking place across Germany (see B3, B8).
  • At the level of the federal government, discussions within the ruling coalition on measures affecting online marketplaces, which would hinder online anonymity and encryption, are ongoing (see C4).
  • Laws expanding the powers of police, granting them the authority to access information and communications technology (ICT) systems preventively in the event of broadly defined imminent danger, have been passed or are under discussion in a number of federal states, blurring the line between the police and intelligence services (see C5).
  • In December 2018, politicians, television personalities, YouTubers, and activists were doxed in a major hacking incident (see C8). An individual who confessed to the leaks, a German citizen, was arrested in January 2019.

A Obstacles to Access

Internet access is widespread in Germany, and there are few inhibiting obstacles. However, differences in internet usage by levels of income demonstrate how prices continue to be a barrier for some residents.

A1 1.00-6.00 pts0-6 pts
Do infrastructural limitations restrict access to the internet or the speed and quality of internet connections? 6.006 6.006

Germany’s network infrastructure for ICTs is well developed, and its overall internet penetration rate is above the European Union (EU) average; in 2018, 93 percent of German residents used the internet.1 According to 2018 ITU data, the country’s fixed broadband penetration rate was 36.3 percent and its mobile broadband penetration rate was 81.6 percent.2

The most widely used mode of fixed access is still DSL (digital subscriber line), with 25 million connections in 2018. Fiber-optic and other connections are becoming more widespread, with 9.2 million connections in 2018, compared with 8.5 million in 2017.3 Connections with speeds of more than 30 Mbps are available to 18.9 million households.4 Despite earlier promises by the government to quickly provide high-speed internet access to every household in Germany,5 the expansion of fixed-broadband infrastructure has stagnated, and the government failed to hit its own target of ensuring every household had at least a 50 Mbps internet connection by the end of 2018.6 Andreas Scheuer, the federal minister of transport and digital infrastructure since March 2018, has been criticized for misallocating federal funds earmarked for improving broadband connectivity.7 A reliance on copper cable vectoring by domestic internet service providers (ISPs) has also been criticized as potentially impeding fiber-optic expansion.8

In 2018, internet access via mobile devices increased: 67.8 million people in Germany regularly accessed the internet via UMTS (universal mobile telecommunications service) or LTE (long-term evolution), compared with 65.5 million in the previous year, while the total data volume increased from 1.4 billion GB in 2017 to almost 2 billion GB in 2018.9 Germany is ranked eighth worldwide in terms of smartphone penetration by analytics company Newzoo, with 64.8 million people (78.8 percent of the population) using a smartphone as of September 2018.10 At the end of 2018, LTE connections were available to 98 percent of all Deutsche Telekom customers, 93 percent of Vodafone customers, and 88 percent of Teléfonica Germany customers.11

The availability of public internet connections has been historically low in Germany compared to other industrialized countries.12 However, recent legal changes have led to an increase of publicly available Wi-Fi hotspots, including in cafés and high-speed trains (see B3). Furthermore, the as-yet unapproved decision to designate free community Wi-Fi providers as not-for-profit enterprises, which entails considerable tax advantages, is expected to increase public internet connections (see A2).

According to May 2019 data, the average download speed for a fixed-broadband connection in Germany was 74.41 Mbps, while that of a mobile broadband connection was 31.90 Mbps.13 Average speeds in Germany are slower than those in neighboring France but higher than those in the United Kingdom.

A2 1.00-3.00 pts0-3 pts
Is access to the internet prohibitively expensive or beyond the reach of certain segments of the population for geographical, social, or other reasons? 2.002 3.003

“Telecommunication services” have become slightly less expensive, decreasing in price by about 0.9 percent from 2016 to 2017, according the most recent official statistics.1 In 2018, expenses for such services amounted to 2.9 percent of available household income.2 The 2019 Inclusive Internet Index ranks Germany 16th out of 100 countries in terms of prices for internet connections.3

Stark differences in internet usage by levels of income demonstrate that prices continue to be a barrier for people with low incomes and the unemployed.4 Some 96 percent of German residents with jobs use the internet, while just 68 percent of the unemployed do.5 The industrial initiative D21 has also found a significant discrepancy in access between households that earn less than €1,000 ($1,160) per month, compared to households that make €3,000 ($3,480) or more per month.6 Relatedly, 98 percent of highly educated German residents use the internet, while just 60 percent of low-educated residents do.5 Although Germany’s Federal Court of Justice has ruled that access to the internet is fundamental for everyday life, the cost of internet access is still not adequately reflected in basic social benefits.7 In March 2017, the Federal Council (Bundesrat) designated providers of free community wireless networks as not-for-profit enterprises, which entails considerable tax advantages. However, that decision has yet to be approved by the Federal Parliament (Bundestag).8

There are also gender and age gaps when it comes to accessing the internet in Germany, though they are gradually getting smaller. While 91 percent of men used the internet every day or almost every day in 2018, only 87 percent of women did.9 While almost all (97–98 percent) of those aged 16-44 use the internet ever day or almost every day among those over 65, frequent usage remains at 68 percent.10

Furthermore, slight differences in internet usage exist between Germany’s western region and its eastern region, which was formerly the communist German Democratic Republic. The only German states where popular internet usage is lower than 80 percent are in the eastern region. This gap has remained stable over the past few years.11 Meanwhile, the gap in internet use between the urban centers (of 500,000 people or more) and rural areas is still 6 percentage points.12

A3 1.00-6.00 pts0-6 pts
Does the government exercise technical or legal control over internet infrastructure for the purposes of restricting connectivity? 6.006 6.006

The German government does not impose restrictions on ICT connectivity. Germany’s telecommunications infrastructure is largely decentralized. There are more than a hundred internet backbone providers in the country.1

Privatized in 1995, the formerly state-owned Deutsche Telekom remains the only company that acts as both a backbone provider and an internet service provider (ISP). However, the German state owns less than a third of its shares, which crucially limits government control.2 There are a number of connections in and out of Germany, the most important being the DE-CIX (German Commercial Internet Exchange), which is located in Frankfurt. It is privately operated by Eco, the association of the German internet industry.3

According to the Federal Network Agency for Electricity, Gas, Telecommunications, Post, and Railway (Bundesnetzagentur, or BNetzA), there is currently a lack of legal basis for internet shutdowns or connectivity restrictions on the federal level.4 However, some state-level legislation on the powers of police authorities grants limited restriction measures (see C5).

A4 1.00-6.00 pts0-6 pts
Are there legal, regulatory, or economic obstacles that restrict the diversity of service providers? 5.005 6.006

The telecommunications sector was liberalized in the 1990s with the aim of fostering competition. Commercial service providers must notify the BNetzA prior to beginning their operations, but do not need licenses.1

The incumbent Deutsche Telekom’s share of the fixed broadband market was 39.7 percent in 2018, a slight decline from its position in 2017 and a sign of increasing competition.2 Other ISPs with significant market share included Vodafone with 19.9 percent, 1&1 with 13.1 percent, the cable company Unitymedia with 10.4 percent, and O2-Telefónica with 5.9 percent.2 Public subsidies for increasing broadband connectivity have been criticized for favoring Deutsche Telekom.3

For mobile internet, German users can choose from three major service providers: T-Mobile (Deutsche Telekom), with a 30.1 percent market share; Vodafone, with 22.9 percent; and Telefónica Deutschland, with 24.4 percent.2.

A5 1.00-4.00 pts0-4 pts
Do national regulatory bodies that oversee service providers and digital technology fail to operate in a free, fair, and independent manner? 3.003 4.004

Internet access, both broadband and mobile, is regulated by the BNetzA, which has operated under the supervision of the Federal Ministry of Economic Affairs and Energy since early 2014.1 The president and vice president of the agency are appointed for five-year terms by the federal government, following recommendations from an advisory council consisting of 16 members from the Bundestag and 16 representatives from the Bundesrat.2 The German Monopolies Commission and the European Commission (EC) have both criticized this highly political structure and the concentration of important regulatory decisions in the presidential chamber of the BNetzA.3

In addition to these institutional concerns, regulatory decisions by the BNetzA have been criticized for providing a competitive advantage to Deutsche Telekom, the former state-owned monopoly.4 These concerns were amplified in late 2015, when BNetzA presented a proposal to allow Telekom to implement vectoring, a technology that is capable of boosting the bandwidth of DSL connections on preexisting copper lines.5 This arrangement sparked criticism given that, in order to function as intended, the technology requires a single operator to remain in charge of all copper lines. In turn, unbundling and redistributing individual connections becomes more difficult, with the result that the managing operator (Telekom) will end up in a privileged market position.6 After the Monopolies Commission first voiced its concerns in December 20157 and the EC instigated formal review proceedings in early 2016,8 the Federal Chancellery finally announced the end of public support for vectoring in March 2018.9

  • 1. Markus Beckedahl, “Verkehrsministerium gewinnt Fachaufsicht über Bundesnetzagentur” [Ministry of Transport gains supervision over Federal Network Agency], Netzpolitik.org, February 14, 2014, http://bit.ly/1jDT9KQ
  • 2. §3, Abs. 3 BEGTPG (Gesetz über die Bundesnetzagentur für Elektrizität, Gas, Telekommunikation, Post und Eisenbahnen), https://bit.ly/2Ken8ue
  • 3. Monopolkommission [Monopolies Commission], “Telekommunikation 2009: Klaren Wettbewerbskurs halten” [Telecommunication 2009: stay on target in competition], Sondergutachten 56, 2009, p. 75, http://bit.ly/2dBXDUY; European Commission, “Progress Report on the Single European Electronic Communications Market (15th Report),” COM(2010) 253, p. 196, http://bit.ly/1Od2qpT
  • 4. Since the Federal Republic still exercises its rights as a shareholder of Deutsche Telekom, commentators see a potential conflict of interest. See: Christian Schmidt, “Von der RegTP zur Bundesnetzagentur. Der organisationsrechtliche Rahmen der neuen Regulierungsbehörde” [From RegTP to Federal Network Agency. The organizational framework of the new regulator], Die Öffentliche Verwaltung 58 (24), 2005, p. 1028
  • 5. Tomas Rudl, “Breitbandausbau: Telekom-Vectoring kommt näher“ [Broadband development: Telekom vectoring approaches], Netzpolitik.org, November 23, 2015, http://bit.ly/2dOcz0t
  • 6. Richard Sietmann, “Fiber to the Neverland. Die Telekom forciert VDSL-Vectoring statt Glasfaser” [Fiber to the Neverland. DT pushes VDSL-Vectoring instead of Fiber], c't 10/2013, April 29, 2013, pp. 18-21, http://heise.de/-1847272
  • 7. Volker Briegleb, “VDSL-Turbo Vectoring: Monopolkommission warnt vor ’Technologiemonopol der Telekom‘” [VDSL turbo vectoring: monopoly commission warns against ’technology monopoly of the Telekom’], heise.de, December 7, 2015, http://bit.ly/2eeTyog
  • 8. Tomas Rudl, “Vectoring: Beirat der Bundesnetzagentur fordert Nachbesserungen” [Vectoring: advisory board of Bundesnetzagentur demands amendments], Netzpolitik.org, January 26, 2016, http://bit.ly/2dD05a2
  • 9. Tomas Rudl, “Kanzleramt: Klare Absage an Kupfer beim Breitbandausbau“ [Chancellery: Clear rejection of copper for broadband expansion], Netzpolitik.org, March 8, 2018, https://bit.ly/2HjVHcQ

B Limits on Content

Access to online content in Germany is mostly free. Pressure on social media companies to remove illegal content from their platforms has intensified over the past years with the implementation of the Network Enforcement Act, and the passing of the Copyright Directive on the EU level. Users, notably young people, harnessed online tools to mobilize for social causes, including to call for action to address climate change. Another protest movement organized largely online opposed an EU directive on copyright regulations.

B1 1.00-6.00 pts0-6 pts
Does the state block or filter, or compel service providers to block or filter, internet content? 5.005 6.006

The government rarely engages in blocking of websites or internet content.1 No blocks were imposed by state actors during this report’s coverage period. All major social media platforms and international blog-hosting services are freely available.

In February 2018, a regional court in Munich instructed the service provider Vodafone to block the video-streaming website kinox.to in response to a film distributor’s complaint that the site was hosting content in violation of copyright law.2 Vodafone customers are rerouted to a different website when they try to access kinox.to. The injunction marked the first court-ordered blocking of a pirate website in Germany. The decision, which was appealed by Vodafone3 but upheld in June 2018,4 has been criticized as both ineffective and excessive.5 Nevertheless, a month later, Vodafone reportedly began blocking Library Genesis, a website that hosts pirated copies of articles and books, after receiving a similar court order.6 A 2015 Federal Court of Justice ruling empowered copyright holders to seek such injunctions against pirate websites (see B3).7

In December 2018, Vodafone began blocking the streaming websites bs.to and s.to in response not to a court order, but rather to a complaint from the rights holder of the television series Das Boot.8 In March 2019, Vodafone began blocking the file-sharing forum boerse.to in response to a copyright complaint from the music rights group GEMA.9

B2 1.00-4.00 pts0-4 pts
Do state or nonstate actors employ legal, administrative, or other means to force publishers, content hosts, or digital platforms to delete content? 2.002 4.004

Most content-removal issues in Germany relate to the removal of search engine results (de-indexing) rather than actual deletions of content. However, pressure on social media companies to remove content from their platforms has increased since the implementation of the Network Enforcement Act (NetzDG), which imposes severe fines if certain illegal content is not removed promptly (see B3).

Since NetzDG came into effect on January 1, 2018, a number of controversial content removals have been reported. In January 2018, several satirical tweets were deleted by Twitter, including one by the author and poet Sophie Passmann,1 as was the entire account of the satirical magazine Titanic.2 While Twitter did not explicitly mention NetzDG in these cases, it displayed a message stating that Passmann’s tweet had been retracted on the basis of local laws in Germany. Titanic’s account remained blocked for 48 hours; after Twitter reactivated it, at least five of its earlier tweets remained unavailable in Germany.3 The January 2018 case of a deleted tweet and Facebook post by the leftist politician Jörg Rupp illustrated one of the fundamental problems with the new law: many posts on social media platforms may fall within the scope of hate speech provisions embedded in Germany’s criminal code if taken out of context.4

According to an analysis from the Center for European Policy Studies, “NetzDG has failed to generate any additional press reports of dubious false positives” since the aforementioned January 2018 controversies.5 However, chilling effects under NetzDG, which were a major point of contention, are difficult to measure, and remain a concern. Under the law, social media companies that receive over 100 content-related complaints each year must disclose how they handled those complaints every six months. These complaints came from either users or complaints bodies, such as Jugendschutz.net, a children’s’ rights watchdog. According to Facebook’s disclosures for the periods July-December 2018 and January-June 2019, 718 items were blocked or removed in response to complaints.6 According to Google’s disclosures for the same periods, 125,812 items on YouTube were blocked or removed in response to complaints, compared to 1,787 items on Google+.7 According to Twitter’s disclosures for the same periods, 69,897 items of content were blocked or removed in response to complaints.8

There are doubts as to the completeness and clarity of these disclosures. The government recently accused Facebook of underreporting its content blocking and removal statistics, issuing the company a fine of €2,000,000 ($2,300,000). The Federal Ministry of Justice argued that, by counting only certain categories of complaints, Facebook had created an incomplete picture of the extent of violations on its platform.9

Separately, the government also issues content removal requests. According to Google’s latest transparency report, covering January through June 2018, the company received 270 takedown requests from the German courts and other public authorities. The most common reason for these requests (in 57 percent of cases) was defamation, followed by “privacy and security” concerns, “business complaints,” and “adult content.”10 Google acceded to 70 percent of these requests. Meanwhile, Twitter received 42 content removal requests from German authorities between July and December 2018, the latest period for which data is available.11 The company complied with just 12 percent of these requests. Facebook did not isolate government requests to remove content in its transparency reporting.12

Under a 2014 EU Court of Justice (CJEU) decision on the “right to be forgotten” (RTBF),13 Google and other search engines are required to remove certain search results if they infringe on the privacy rights of a person and that person formally requests the action (see B3). As of May 10, 2019, Google had assessed some 802,259 requests to delist search results across the EU, affecting more than 3 million URLs, with nearly 132,000 coming from Germany alone.14 Google delisted URLs in response to 49.1 percent of the German requests. Between July and December 2018, Microsoft received 396 RBTF delisting requests covering 1,145 URLs.15 The company delisted 61 percent of those URLs.

In spring of 2019, social media companies began implementing more restrictive policies in order to prevent the spread of disinformation in the run-up to the May 2019 European Parliament elections. While these companies are not legally bound to undertake such measures, the European Commission had called for voluntary action pursuant to its Code of Practice against disinformation.16 The new policies have led to the temporary suspension of accounts and the deletion of posts which made humorous—and legal—comments on the elections. As an example, information technology lawyer Thomas Stadler had ironically tweeted in March 2016 that Alternative für Deutschland voters should sign their ballots, making them invalid, and in 2019 was consequently blocked from accessing his Twitter account for a period of two days. The new policies were criticized by activists as infringing upon freedom of expression.17

In response to a case concerning the satirist Jan Böhmermann, who in 2016 came under criminal investigation for a provocative poem mocking Turkish president Recep Tayyip Erdoğan, Erdoğan filed a civil libel lawsuit against Böhmermann, which led to the deletion of the poem’s recital from the website of the corresponding public television channel (see C2).

B3 1.00-4.00 pts0-4 pts
Do restrictions on the internet and digital content lack transparency, proportionality to the stated aims, or an independent appeals process? 3.003 4.004

Restrictions on online content in Germany generally meet minimum requirements for transparency, proportionality, and independent appeal.

NetzDG, approved in June 2017,1 came into effect on January 1, 2018, and obliges social media platforms with more than 2 million registered users in the country to investigate and delete flagged content, or otherwise face hefty fines.2 If the flagged content is “obviously illegal,” the company must block or remove it within 24 hours; if otherwise illegal, the content must be blocked or removed within seven days. Under NetzDG, illegality is defined in relation to 22 articles in Germany’s criminal code (see C2).3 After making a decision to delete or preserve flagged content, the company has to inform both the complainant and the user who uploaded the content. If it fails to meet any of these requirements, the company could face fines of up to €50 million ($58 million) (see B6).4 NetzDG does not specify appeal mechanisms for unjustly deleted content.

In April 2019, the European Parliament passed a regulation aimed at “tackling the dissemination of terrorist content online” which, among other things, would require platforms to delete such content within one hour of receiving a removal order from authorities.5 Platforms that routinely fail to do so could be fined 4 percent of their overall annual revenue (see B6). Critics have voiced concerns that ambiguity surrounding the definition of “terrorist content” and the short timeline for removing such content will lead companies to “remove speech first and ask questions later,” possibly through automatic filters.6 The resolution has not yet entered into force, though, as it must be approved by other EU bodies. On the EU level, discussions on online filters for terrorist propaganda started in 2017. In March 2017, Facebook, Microsoft, Twitter, and YouTube launched the prototype of an upload filter based on a shared database to suppress terrorist and extremist content.7 In March 2018, the European Commission recommended that social media platforms expedite and broaden this approach.8 Such upload filters have been criticized for infringing on freedom of expression, not least because they do not seem limited to terrorist and extremist content, despite announcements to the contrary.9

In March 2019, the European Parliament passed the Directive on Copyright, which the European Council then approved in April 2019.10 The directive imposes a so-called link tax, which grants online publishers the right to charge aggregators like Google News for excerpting proprietary content, such as news articles (see B6).10 It also makes content-hosting and -sharing platforms such as YouTube liable for copyrighted material uploaded by users.10 Observers have warned that this reform could lead to the implementation of “upload filters” on such platforms. These could preemptively block legitimate online content such as parodies and remixes and would have a chilling effect on online expression.11 EU member states have two years to adopt these provisions into their national laws. The political parties comprising Germany’s current government have pledged to prevent the implementation of upload filters, though it remains to be seen whether and how they will uphold this pledge.12

The protection of minors constitutes an important legal basis for extant regulation of online content.13 Youth protection on the internet is principally addressed by Germany’s states through the Interstate Treaty on the Protection of Human Dignity and the Protection of Minors in Broadcasting and Telemedia (JMStV), which bans content similar to that outlawed by the criminal code, such as the glorification of violence and sedition, and provides a framework for age restrictions on content without specifying measures to implement them.14 A controversial provision of the JMStV, reflecting the regulation of broadcast media, mandates that adult-only content on the internet, including pornography, may only be made available in a way that verifies the age of the user.15 The JMStV enables the blocking of content if other actions against offenders fail and if such blocking is expected to be effective.

The search engine de-listing process under the “right to be forgotten” follows guidelines developed by an advisory group of experts, aiming to strike a balance between the “right to be forgotten” on the one hand and freedom of expression and information on the other.16 Under the new General Data Protection Regulation (GDPR), which took effect on May 25, 2018, the “right to be forgotten” is now part of codified data protection law across the EU.17

The autocomplete function of Google’s search engine also has been subject to legal scrutiny. In 2013, the Federal Court of Justice ruled that Google was liable, under some circumstances, for the infringement of personal rights through its autocomplete function.18 In a subsequent decision concerning the same case, the Higher Regional Court in Cologne decided that Google’s liability amounted to an obligation to delete the automated search query combination in question and refrain from repeating the tort—but not to pay further compensation.19

Companies can be held liable for illegal content under the Telemedia Act. The law distinguishes between full liability for one’s own content and limited “breach of duty of care” (Störerhaftung) for service providers and host providers for third-party content.20 Additional blocking and filtering obligations for hosting providers were put in place by the Federal Court of Justice in the 2012 Alone in the Dark case.21 In this case, game publisher Atari sued the file-hosting service Rapidshare for copyright violations concerning the Alone in the Dark title. Though the court did not hold Rapidshare liable for direct infringement, they found that Rapidshare neglected its monitoring obligations under the “breach of duty of care” standard.22 In a subsequent decision, the Federal Court of Justice substantiated and further extended host providers’ duties. According to this judgment, if the business model of a service aims to facilitate copyright infringements, the company is considered less worthy of immunity from intermediary liability.23 As a consequence, hosting providers are required to monitor their own servers and search for copyright-protected content as soon as they have been notified of a possible violation.24

While ISPs are not required to proactively monitor the information of third parties on their servers, they become legally responsible as soon as they gain knowledge of violations or violate due diligence requirements.25

In 2015, the Federal Court of Justice ruled that the blocking of a website may be ordered as a last resort if it is the only means for a copyright holder to effectively end rights infringement on that website.26 In such cases, after an assessment of all relevant circumstances, the owner of the copyright may ask an ISP to block the website in question. If the provider refuses, a court can intervene. The decision has been subject to criticism, with detractors noting that blocking is considered easy to circumvent and thus ineffective.26

In June 2017, the ruling coalition in the federal parliament enacted a law that abolished most legal liability for providers of open wireless networks, or hotspots. For years, the number of free, public Wi-Fi hotspots in Germany remained low, as providers feared potential negative legal consequences if their networks were used for illegal activities.27 While the new law was generally viewed positively by experts, it drew some criticism as well, as it could allow copyright holders to coerce hotspot providers into blocking certain websites or content that are known to violate copyright or other laws.28 Under the law, copyright holders have a claim to blocking measures which can include blocking of websites infringing on their rights by the hotspot provider.

  • 1. Markus Reuter, “Bundestag beschließt Netzwerkdurchsetzungsgesetz” [Federal parliament enacts Social Network Enforcement Law], Netzpolitik.org, June 30, 2017, http://bit.ly/2tujxiB
  • 2. Constanze Kurz, “NetzDG gegen Hass und verbal Gewalt: Das Löschen beginnt“ [Social Network Enforcement Law against hate and verbal violence: The deleting begins], Netzpolitik.org, January 2, 2018, https://bit.ly/2lM9RKD
  • 3. https://germanlawarchive.iuscomp.org/?p=1245
  • 4. § 4 Abs. 2 S. 2 Netzwerkdurchsetzungsgesetz (Gesetz zur Verbesserung der Rechtsdurchsetzung in sozialen Netzwerken), https://bit.ly/2EY9TrQ in connection with § 30 Abs. 2 S.OWiG (Gesetz über Ordnungswidrigkeiten), https://bit.ly/2XCxzec
  • 5. http://www.europarl.europa.eu/doceo/document/TA-8-2019-0421_EN.pdf?redi…
  • 6. https://www.justsecurity.org/62857/eu-terrorist-content-proposal-sets-d…
  • 7. Matthias Monroy, “Facebook, Twitter & Co: Upload-Filter gegen ‘Terrorismus und Extremismus’ gestartet” [Facebook, Twitter, and co.: upload filter against ‘terrorism and extremism’ activated], Netzpolitik.org, March 13, 2017, http://bit.ly/2mHSJHz
  • 8. Holger Bleich, “EU verlangt Online-Plattformen Upload-Filter ab sofort“ [EU demands online platform upload filter immediately], Heise.de, March 1, 2018, https://bit.ly/2EXODRB
  • 9. Tomas Rudl, “EU-Kommission: Immer mehr Plattformen sollen Uploads filtern“ [EU Commission: More and more platforms are supposed to filter uploads], Netzpolitik.org, February 23, 2018, https://bit.ly/2oxRgU2
  • 10. a. b. c. https://www.niemanlab.org/2019/04/what-the-eus-copyright-overhaul-means…
  • 11. Markus Beckedahl, „Chance verpasst: Dieses Urheberrecht bleibt in der Vergangenheit stecken“ [A missed opportunity: This copyright law remains stuck in the past], Netzpolitik.org, March 26, 2019, https://bit.ly/2FzruXX
  • 12. Melanie Amann, „CDU will Uploadfilter überflüssig machen“ [CDU wants to make uploadfilters superfluous], Spiegel Online, March 15, 2019, https://bit.ly/2Jv8FZz
  • 13. The legal framework regulating media protection of minors in particular consists of the Law for the protection of children and youth (“Jugendschutzgesetz”, JuSchG) of the federal government and the Interstate Treaty on the Protection of Minors in the Media (short “Jugendmedienschutzstaatsvertrag”, JMStV).
  • 14. Cf. the respective §§ 130, 131 StGB [Crimical Code]. For English translation, see: http://bit.ly/1rT41ps
  • 15. Cf. the respective § 5, Abs. 3 JMStV.
  • 16. Eco.de, “Ein Jahr Recht auf Vergessenwerden: Löschen von Suchergebnissen beeinträchtigt die Zivilgesellschaft” [One year right to be forgotten: Removal of search results impairs civil society], May 13, 2015, http://bit.ly/1N9DnDW
  • 17. As Article 17 GDPR; see https://www.eugdpr.org/the-regulation.html
  • 18. BGH [Federal Supreme Court], judgment of May 14, 2013, Az. VI ZR 269/12; Jürgen Kuri/Martin Holland, “BGH zu Autocomplete: Google muss in Suchvorschläge eingreifen” [BGH on autocomplete], May 14, 2013, http://heise.de/-1862062
  • 19. Beck Aktuell, “OLG Köln: Klage gegen Google auf Unterlassugn bestimmter Suchwortkombinationen erfolgreich” [Higher Regional Court Cologne: Injunction suit against Google concerning certain search query combinations successful], April 8, 2014, http://bit.ly/2dnwPSY; Adrian Schneider, “OLG Köln: Die Autocomplete-Entscheidung im Detail” [Higher Regional Court Cologne: the autocomplete decision in detail], Telemedicus, April 11, 2014, http://bit.ly/1iRT59G
  • 20. In particular: Part 3, §§ 7-10 TMG: liability for own content (§ 7, Abs. 1 TMG); limited liability for access providers (§§ 8, 9 TMG) and host providers (§ 10 TMG).
  • 21. BGH [Federal Court of Justice], judgment of July 12, 2012, Az. I ZR 18/11, http://openjur.de/u/555292.html
  • 22. Timothy B. Lee, “Top German court says RapidShare must monitor link sites for piracy,” Ars Technica, July 16, 2012, http://bit.ly/2dK2bVb
  • 23. BGH [Federal Court of Justice], judgment of 15 August, 2013, Az. I ZR 80/12, http://bit.ly/1MOQasE
  • 24. Thomas Stadler, “BGH erweitert Prüfpflichten von Filehostern wie Rapidshare” [Federal Court of Justice extends monitoring duties for host providers such as Rapidshare], Internet-Law, September 4, 2013, http://bit.ly/1N9EWSv
  • 25. BGH [Federal Court of Justice], judgment of March 27, 2012, Az. VI ZR 144/11, http://openjur.de/u/405723.html
  • 26. a. b. Constanze Kurz, “BGH-Entscheidung zu Netzsperren: Die nichtsnutzige digitale Sichtschutzpappe ist zurück” [Federal Court of Justice decision on blocking of websites: the useless digital screen wall is back], Netzpolitik.org, November 26, 2015, http://bit.ly/2d3wCmY
  • 27. In 2010, the German Federal High Court sentenced the private owner of a wireless router on the grounds that his or her open network allowed illegal activities. cf. Christopher Burgess, “Three Good Reasons to Lock Down Your Wireless Network,” The Huffington Post (blog), June 8, 2010, http://huff.to/1LYHK3k
  • 28. Ingo Dachwitz, “WLAN-Gesetz: Bundestag schafft Störerhaftung endlich ab, ermöglicht aber Netzsperren“ [Wi-fi law: Federal Parliament finally abolishes ‘breach of duty of care‘ regulation but enables blocking of websites], Netzpolitik.org, June 30, 2017, https://bit.ly/2sDsoLx
B4 1.00-4.00 pts0-4 pts
Do online journalists, commentators, and ordinary users practice self-censorship? 4.004 4.004

To date, self-censorship online has not been a significant or well-documented problem in Germany. Still, there are some rules reflected in the publishing principles of the German press which may constrain some journalists’ online speech. This self-binding code of ethic forms the basis for the evaluation of possible complaints from the public. It includes 16 provisions and is centered on the protection of human dignity.1

On the other hand, the criminal code and JMStV prohibit content such as child sexual abuse imagery, racial hatred, and the glorification of violence in a well-defined manner.

In spring of 2019, social media platforms began implementing more restrictive policies in order to prevent the spread of disinformation in the run-up to the European parliamentary elections in May 2019 (see B2). Subsequently, several users have had their posts removed or their accounts temporarily suspended for joking about the elections or the electoral process.2 Similarly, the NetzDG has been criticized for leading to a potential chilling effect on content posted online (see B3). There is, however, a lack of evidence that these restrictions have led to significant levels of self-censorship.

  • 1. Presserat [Press Council], “Pressekodex” [press code], version dated March 13, 2013, http://bit.ly/1FgsgW8
  • 2. Friedhelm Greis, „Twitter sperrt erste Accounts wegen Wahlwitzen“ [Twitter starts blocking accounts because of election jokes], Golem, May 5, 2019, https://bit.ly/2H612aG
B5 1.00-4.00 pts0-4 pts
Are online sources of information controlled or manipulated by the government or other powerful actors to advance a particular political interest? 4.004 4.004

In general, the German online information landscape is free from content manipulation. While there were concerns about the proliferation of disinformation leading up to the September 2017 federal elections, no decisive impact was documented. Nevertheless, those concerns prompted legislators to push for controversial legal solutions with potential implications for freedom of expression online. Proposed solutions identifying or even prohibiting so-called bots, which were not precisely defined. Some definitions under discussion would cover human accounts on online platforms, which would then be targeted.1 So far, no specific, binding measures have been implemented.

In the aftermath of the elections for the European Parliament, which in Germany took place on May 26, 2019, experts concluded that disinformation only had a small impact on the vote results.2 Research conducted by the Oxford Internet Institute showed that, in proportion to professional news, what it termed “junk news” was only present in a ratio of 1:10. Sources of junk news consisted mostly of domestic media outlets with alternative or partisan perspectives. False news stories mostly featured content relating to immigration, religion, and terrorism.

  • 1. Markus Reuter, „Social Bots: Was nicht erkannt werden kann, sollte nicht reguliert werden“ [Social Bots: What can’t be identified shouldn’t be regulated], Netzpolitik.org, May 09, 2019, https://bit.ly/2vRVPfS
  • 2. Nahema Marchal et al., „Junk News During the EU Parliamentary Elections: Lessons from a Seven-Language Study of Twitter and Facebook“, Oxford Internet Institute, May 21, 2019, https://bit.ly/2JWKUdg
B6 1.00-3.00 pts0-3 pts
Are there economic or regulatory constraints that negatively affect users’ ability to publish content online? 2.002 3.003

While individual internet users face few economic or regulatory obstacles to publishing content online, German law exposes companies such as social media platforms or hosting providers to substantial financial penalties.

NetzDG (see B3) imposes hefty fines on social media companies that fail to comply with content-removal and reporting requirements. Moreover, the law has forced social media companies to set up expensive internal systems to comply with its requirements. Facebook, Google, and Twitter collectively employ thousands of people to review complaints submitted under NetzDG. If and when it enters into force, the EU terrorist content regulation could impose even heftier fines on these companies and would necessitate the hiring of many more personnel. Consequently, both NetzDG and the EU terrorist content regulation make it more difficult for new companies to enter the German market.

In April 2017, the federal parliament incorporated EU rules on net neutrality into domestic law.1 However, observers remarked that several plans from ISPs and mobile phone providers, such as Deutsche Telekom’s “Stream On,” Vodafone’s “Vodafone Pass,” or O2’s “Unlimited” plan, violate strict net neutrality by favoring certain services, including video streaming services.2 BNetzA subsequently prohibited parts of “Stream On” for breaching net neutrality principles3 and is currently looking into the other two zero-rating services. However, Deutsche Telekom has repeatedly delayed changing its “Stream On” plan, which remains noncompliant with net neutrality principles.4

The government formed in early 2018 has reiterated its support for ancillary copyright for publishers (Leistungsschutzrecht für Presseverleger), in force since 2013.5 The regulation allows publishers to monetize excerpts that search engines display as part of their search results.6 Some fear this infringes upon constitutionally protected rights to freedom of expression and information.7 In order to limit monetization, search engines began excluding results leading to the websites of publishers that monetized their links or displayed links without the corresponding excerpts.8 In response, a publishers’ collecting society, VG Media, started antitrust proceedings against Google. In September 2015, the Federal Cartel Office decided that Google was not in violation of antitrust laws.9 Later, in November 2015, arbitration proceedings between Google and VG Media broke down when the search engine rejected VG Media’s demand for 6 percent of Google’s aggregate turnover as license fees.10 In February 2017, the first proceedings dealing with the law commenced before a Berlin district court, after VG Media filed a lawsuit against Google.11 In May 2017, the court referred the case to the European Court of Justice.12 Though the issue remains unsettled, ancillary copyright for publishers was included in the EU Copyright Directive, which was approved in April 2019.13

  • 1. Deutscher Bundestag, “Bundestag beschließt Netzneutralität im Datenverkehr” [Federal parliament enacts net neutrality in data traffic], press release, April 27, 2017, https://bit.ly/2qLuNnu
  • 2. Mirjam Hauck and Helmut Martin-Jung, “Auch in Deutschland ist die Netzneutralität durchlöchert“ [In Germany, too, net neutrality has holes], Sueddeutsche.de, December 15, 2017, https://bit.ly/2Jd9tPv; Thomas Rudl, „Netzneutralität: o2 untersagt freie Endgerätewahl, Bundesnetzagentur prüft“ [Net neutrality: o2 bans freedom of choice for terminal devices, BNetzA is scrutinizing], August 30, 2018, https://bit.ly/2PRz30A
  • 3. Markus Reuter, “Netzneutralität: Bundesnetzagentur untersagt Teile von Stream On” [Net neutrality: Federal Network Agency prohibits parts of Stream On], Netzpolitik.org, December 15, 2017, https://bit.ly/2j9LLIU
  • 4. Thomas Rudl, „Gerichtsurteil: StreamOn der Telekom verletzt die Netzneutralität“ [Court order: StreamOn of Telekom breaches net neutrality], November 20, 2018, https://bit.ly/2BoVhSC
  • 5. Leonhard Dobusch, “Urheberrecht im Koalitionsvertrag: Zwischen ‘modernen Nutzungsformen‘ und einem EU-Leistungsschutzrecht“ [Copyright Law in the coalition agreement: Between ‘modern forms of use‘ and a EU ancillary copyright], Netzpolitik.org, February 9, 2018, https://bit.ly/2sp4sjs
  • 6. David Meyer, “Google fighting German plan for linking fee”, cnet.com, November 27, 2012, http://cnet.co/1WCkg72
  • 7. Philipp Otto, “Kommentar: ein unmögliches Gesetz” [Comment: an impossible law], iRights.info, August 30, 2012, http://bit.ly/1jE6XoJ
  • 8. Henry Steinhau, “Leistungsschutzrecht: T-Online und 1&1 verbannen Verlage der VG Media aus ihren Suchergebnissen” [Ancillary copyright: T-Online and 1&1 ban VG Media publishers from their search results], irights.info, September 16, 2014, http://bit.ly/1JKFxlY
  • 9. Friedhelm Greis, “Kartellamt hält Googles Vorgehen gegen Verlage für begründet” [Cartel Office considers Google’s approach against publishers justified], golem.de, September 9, 2015, http://bit.ly/2dJRQc4
  • 10. Stefan Krempl, “Schiedsverfahren zum Leistungsschutzrecht gescheitert” [Arbitration proceedings regarding ancillary copyright failed], heise.de, October 28, 2015, http://bit.ly/1NPyayF
  • 11. Werner Pluta, “Streit um Leistungsschutzrecht geht vor Gericht” [Dispute concerning ancillary copyright goes to court], Golem.de, February 6, 2017, http://bit.ly/2kFfSKT
  • 12. Spiegel Online, “Leistungsschutzrecht kommt vor EuGH” [Ancillary Copyright referred to ECJ], May 9, 2017, https://bit.ly/2qVqWD3
  • 13. Zeit Online, „EU einigt sich auf Reform des Urheberrechts“ [EU agrees on copyright reform], February 13, 2019, https://bit.ly/2vSQ8yn
B7 1.00-4.00 pts0-4 pts
Does the online information landscape lack diversity? 4.004 4.004

Germany is home to a vibrant internet community and blogosphere. Local and international media outlets and news sources are accessible and represent a diverse range of opinions.

B8 1.00-6.00 pts0-6 pts
Do conditions impede users’ ability to mobilize, form communities, and campaign, particularly on political and social issues? 6.006 6.006

During the coverage period, several civil society initiatives used the internet to conduct advocacy campaigns related to political and social issues in Germany.

In relation to discussions about copyright reform and the passing of the EU Copyright Directive, a large online and offline protest movement formed across Europe, with most protests taking place in Germany. Originating in online activism ongoing for years, the movement spread across social media, especially YouTube, combining the concerns of traditional online rights activists with those of artists, the creative industry, journalists, and ordinary users. The protests saw an online petition gather over 5 million signatures as well as marches of almost 200,000 people in locations across Europe.1

Social media has also played a crucial role in the growth of the climate protection movement. The student protest movement “Fridays for Future,” which originated in Sweden and includes both weekly school strikes as well as marches, are largely organized using social media. In Berlin, the protests have been ongoing since September 2018.2 The movement has been able to put the issue on the political agenda and significantly influence public perception of the climate crisis.3

In the run-up to the elections to the European Parliament, popular YouTuber Rezo published a video criticizing Germany’s current ruling parties, voicing criticism similar to those expressed at protests against the Copyright Directive and climate crisis.4 The video garnered over 15 million views and received significant media attention. Following disappointing election results for the Christian Democrats, who were Rezo’s main target, party leader Annegret Kramp-Karrenbauer partly blamed the video for her party’s performance and advocated for regulation of “opinion making” during election campaigns.5 Opponents as well as party members called this an attack on freedom of expression online, and specific legislation has yet to be proposed.

  • 1. Markus Reuter, „Die Protestbewegung hat gewonnen“ [The protest movement won], Netzpolitik.org, March 26, 2019, https://bit.ly/2HkNN4D; Change.org, „Stop the censorship-machinery! Save the Internet!“, May 10, 2019, https://bit.ly/2tca5P5
  • 2. Hannes Soltau, “Entsteht gerade eine ökologische Jugendbewegung?” [Is there an ecological youth movement in formation?], Deer tagesspiegel, February 22, 2019, https://bit.ly/2JxSY3W
  • 3. Jakob Schlandt, „Für immer mehr Deutsche ist Klimawandel das wichtigste Problem“ [Climate change is the most important issue for a growing number of Germans], Der Tagesspiegel, April 24, 2019, https://bit.ly/2YphJDw
  • 4. Rezo ja lol ey, „Die Zerstörung der CDU“ [The destruction of the CDU], YouTube, May 18, 2019, https://www.youtube.com/watch?v=4Y1lZQsyuSQ
  • 5. Markus Beckedahl, „Influencer sind für die CDU nur gut, wenn sie für die CDU mobilisieren“ [Influencers are only good accorting to the CDU, if they mobilize fort he CDU], Netzpolitik.org, May 28, 2019, https://bit.ly/2Ii85MT

C Violations of User Rights

In the aftermath of the 2015–16 refugee crisis, there has been a surge in investigations for online “incitement to hatred.” Meanwhile, the government continued to take steps to expand surveillance, with new legislation empowering law enforcement agencies on the federal and state levels to install malware on electronic devices for the purpose of criminal investigations, as well as proposals to curb anonymity online. In December 2018, politicians, television personalities, YouTubers, and activists were doxed in a major hacking incident. An individual who confessed to the leaks, a German citizen, was arrested in January 2019.

C1 1.00-6.00 pts0-6 pts
Do the constitution or other laws fail to protect rights such as freedom of expression, access to information, and press freedom, including on the internet, and are they enforced by a judiciary that lacks independence? 5.005 6.006

Article 5 of Germany’s Basic Law guarantees freedom of expression and freedom of the media. Judicial bodies operate independently, and generally support the protection of basic rights.

Since 2016, the Office of the Federal Commissioner for Data Protection and Freedom of Information has been an independent supreme federal authority, a clear upgrade from its former status as a subdivision of the Federal Ministry of the Interior.1 This change of constitutional status entailed a significantly larger budget and staff.2

Online journalists are largely granted the same rights and protections as journalists in the print or broadcast media. However, the official press card remains available only to “professional” journalists, meaning those whose journalistic activities account for at least 51 percent of their income.3 This card is often connected to granting rights of privileged access for journalists, e.g., to demonstrations. Similarly, the German code of criminal procedure grants the right to refuse testimony solely to individuals who have “professionally” participated in the production or dissemination of journalistic materials.4

After two journalists from the online outlet Netzpolitik briefly faced criminal proceedings for alleged treason in 2015, Federal Minister of Justice and Consumer Protection Heiko Maas announced a bill with the aim of explicitly excluding journalists from the scope of the treason provision in the criminal code. However, the promised reform has not made any progress to date.5

  • 1. “Endlich! Unabhängige Datenschutzbehörde für Deutschland” [Finally! Independent data protection agency for Germany], Datenschutzbeauftragter-info.de, August 27, 2014, http://bit.ly/1jE9tv3
  • 2. “Bundesdatenschutz-Behörde wird 2016 unabhängig” [Office oft he Federal Commissioner for Data Protection will become independent in 2016], N-TV.de, December 30, 2015, http://bit.ly/2eeGkYL
  • 3. Christian Rath, “Hauptsache hauptberuflich” [Most importantly, professionally], taz.de, December 1, 2016, https://bit.ly/2HhlYcj
  • 4. Code of Criminal Procedure (StPO), § 53 (1) 5, http://bit.ly/1O9zcXz
  • 5. Christian Rath, “Zwei Jahre später“ [Two years later], taz.de, September 18, 2017, https://bit.ly/2F2SJI8
C2 1.00-4.00 pts0-4 pts
Are there laws that assign criminal penalties or civil liability for online activities? 3.003 4.004

The German criminal code includes numerous prohibitions that apply to the online realm, such as Section 130, which penalizes calls for violent measures against minority groups and assaults on human dignity.1 This provision is seen as legitimate in the eyes of many Germans, particularly because it is generally applied in the context of Holocaust denial.2 NetzDG defines illegal online content in relation to 22 provisions in the German criminal code, including Section 130. Other provisions prohibit defamation, forming a criminal or terrorist organization, and “using symbols of unconstitutional organizations.”3 In the context of NetzDG, many activists, politicians, and officials have expressed concern that these provisions are too broad. In addition to facilitating content removals, these provisions carry penalties in the form of fines and, in some cases, jail time.

In response to a case concerning the satirist Jan Böhmermann, who in 2016 came under criminal investigation for a provocative poem mocking Turkish president Recep Tayyip Erdoğan, the federal parliament abolished a provision of the criminal code that penalizes insulting foreign leaders.4 Erdoğan also filed a civil libel lawsuit against Böhmermann, which led to a ban on three-fourths of the controversial poem and its deletion from the website of the television channel on which Böhmermann performs.5 Both parties appealed the judgment. In May 2018, the judgement was upheld, with an appellate court rejecting Böhmermann’s request to repeal the partial ban. At the same time, the court ruled that Erdoğan had no right to have the entire poem prohibited.6 The poem remains partially banned. In January 2019, Böhmermann launched a complaint with the Federal Court of Justice challenging the rejection.7

  • 1. See Bundeszentrale für politische Bildung [Federal agency for political education], “Volksverhetzung” [incitement to hatred], http://bit.ly/2eoHnab
  • 2. BVerfG, [Federal Constitutional Court] 1 BvR 2150/08 from November 4, 2009, Absatz-Nr. (1 - 110), http://bit.ly/1KWt940; See also: Press release no. 129/2009 of 17 November 2009, Order of 4 November 2009 – 1 BvR 2150/08 – § 130.4 of the Criminal Code is compatible with Article 5.1 and 5.2 of the Basic Law, http://bit.ly/2e0uK0C
  • 3. https://www.ceps.eu/system/files/RR%20No2018-09_Germany%27s%20NetzDG.pdf
  • 4. DW, “Germany revokes lese majeste law”, Deutsche Welle Online, June 2, 2017, https://bit.ly/2qSgATK
  • 5. Christian Rath, “Drei Viertel des Gedichts bleiben verboten“ [Three fourths of the poem remain banned], Badische Zeitung, February 11, 2017, http://bit.ly/2prM0Vp
  • 6. Welt Online, “Böhmermann und Erdogan erleiden Schlappe vor Gericht“ [Boehmermann and Erdogan lose in court], May 15, 2018, https://bit.ly/2Jc0JgS
  • 7. WAZ, „Böhmermann streitet weiter für „Schmähgedicht“ gegen Erdogan“ [Böhmermann keeps fighting for provocative poem against Erdogan], January 22, 2019, https://bit.ly/2VzbOic
C3 1.00-6.00 pts0-6 pts
Are individuals penalized for online activities? 5.005 6.006

In the context of the refugee crisis, there has been a surge in law enforcement investigations invoking the provision on “incitement to hatred” in the German criminal code, mostly related to hate speech against asylum seekers on social media platforms such as Facebook. As a result, there have been considerably more convictions for incitement to hatred.1 The latest official crime statistics document 4,486 cases of “incitement to hatred” in 2018.2 In June 2018, police in 10 German states conducted raids against 29 social media users for alleged hate speech.3

  • 1. See for example: Pia Ratzesberger, “Verurteilt wegen Hasskommentaren auf Facebook” [Convicted for hateful comments on Facebook], sueddeutsche.de, February 3, 2016, http://bit.ly/1P8Luzi; Lisa Steger, “Hennigsdorfer soll Geldstrafe wegen Volksverhetzung zahlen” [Person from Hennigsdorf fined for incitement to hatred], rbb-online.de, April 26, 2016, http://bit.ly/2d3m8Uz; “Bewährungsstrafe wegen Facebook-Hetze gegen Flüchtlinge” [Suspended sentence for incitement against refugees on Facebook], Zeit Online, October 16, 2015, http://bit.ly/1PKYR6U
  • 2. Daniel Leisegang, “Rechte Hetze im Netz und die Grenzen des Rechtsstaats“ [Rightwing incitement online and the limits of the state under the rule of law], Netzpolitik.org, September 30, 2017, https://bit.ly/2HkY2E5; Statista, „Polizeilich erfasste Fälle von Volksverhetzung in Deutschland von 1996 bis 2018“, [Cases of incitement to hatred in 1996 until 2018 as recorded by the police], 2019, https://bit.ly/2SLr8CS
  • 3. Spiegel Online, “Bundesweite Razzien gegen Hetze im Netz“ [Nationwide raids against incitement online], June 14, 2018, https://bit.ly/2VRomkH
C4 1.00-4.00 pts0-4 pts
Does the government place restrictions on anonymous communication or encryption? 3.003 4.004

User anonymity is compromised by SIM card registration rules under the Telecommunications Act of 2004, which requires purchasers to submit their full name, address, international mobile subscriber identity (IMSI number), and international mobile station equipment identity (IMEI) number.1 Nonetheless, the principle of anonymity on the internet is largely upheld as a basic right. A 2014 decision by the Federal Court of Justice further strengthened this right, confirming that an online ratings portal is under no obligation to disclose the data of anonymous users.2

Website owners and bloggers are not required to register with the government. However, most websites and blogs need to have an imprint naming the person in charge and providing a contact address. The anonymous use of email services, online platforms, and wireless internet access points is legal. However, in May 2019 the Federal Ministry for the Interior brought forward a new initiative on mandatory backdoors for encrypted messaging services.3 The proposal has been widely criticized by civil society organizations and industry professionals, including by the iRights.Lab, as it would mark the departure from longstanding pro-encryption policy. Experts also criticized a 2017 legislative proposal by the governing coalition to allow civil lawsuits to gain knowledge of an alleged offender’s real name in the case of violations of the right of personality online, especially defamation. Observers voiced concern that this might infringe on the right to anonymity online if interpreted broadly.4 Discussion of this proposal is still ongoing.5

In March 2019, the Federal Council proposed a bill against illegal online marketplaces. It will add a new criminal penalty for offering services in Germany on the Darknet that contribute to or enable other crimes such as the spread of illegal drugs, explosives, or child sexual abuse imagery.6 The bill specifically mentions the use of the Tor browser as a vehicle to access such services. Due to its broad language, legal observers argue the scope of the bill would encompass potentially all Darknet services and therefore severely hinder the effective use of the Tor services to anonymize one’s online communication.7

  • 1. § 111 Telecommunications Act (TKG), https://bit.ly/2X5VQw5
  • 2. “BGH weist Auskunftsanspruch gegen Internet-Portal zurück” [Federal Court of Justice rejects claim to disclosure against internet portal], Zeit.de, July 1, 2014, http://bit.ly/1iUs1Xa
  • 3. Marcel Rosenbach & Wolf Wiedmann-Schmidt, “Seehofer will Messengerdienste zum Entschlüsseln zwingen” [Seehofer wants to force messaging service to decrypt], May 24, 2019, https://bit.ly/2QQFaTV
  • 4. Markus Reuter, “Hate Speech: Union und SPD wollen Klarnamen-Internet durch die Hintertüre” [Hate speech: CDU and SPD want real name Internet through the back door], Netzpolitik.org, February 23, 2017, http://bit.ly/2lD7UQt
  • 5. Tilmann Wittenhorst, „Gegen Hetze im Netz: Schäuble fordert Klarnamen-Pflicht“ [Against hate on the net: Schäuble wants real name provision], May 19, 2019, https://bit.ly/2EmHpsZ
  • 6. Bundesrat, “Ausgewählte Tagesordnungspunkte der 975. Sitzung am 15.03.2019” [Selected agenda items oft he 975th session on March 15, 2019], March 15, 2019, https://bit.ly/2WF1YrP
  • 7. Matthias Bäcker & Sebastian Golle, “„Darknet“-Gesetz bedroht sozial wünschenswerte Internet-Dienste“ [Darknet-bill threatens socially desirable internet services], Netzpolitik.org, March 23, 2019, https://bit.ly/2CYpPuN
C5 1.00-6.00 pts0-6 pts
Does state surveillance of internet activities infringe on users’ right to privacy? 2.002 6.006

Article 10 of Germany’s Basic Law guarantees the privacy of letters, posts, and telecommunications. These articles generally safeguard offline as well as online communication. A groundbreaking 2008 ruling by the Federal Constitutional Court established a new fundamental right regarding the “confidentiality and integrity of information technology systems” as part of the general right of personality under Article 2 of the Basic Law.1

A German parliamentary commission of inquiry on intelligence practices—established after former US National Security Agency (NSA) contractor Edward Snowden leaked documents on various activities of US, British, and German intelligence services in 2013—completed its work in 2017.2 While the governing coalition concluded that the conduct of both the allied foreign intelligence services and the German Federal Intelligence Service (BND) had been and continued to be within the bounds of the law, the opposition argued that ongoing mass surveillance was unlawful. Both sides drew criticism for not demanding sufficient steps to end the practice in Germany.3 Meanwhile, the German government has taken further steps to significantly expand online surveillance.

A new law on the BND enacted in late 2016 continued to be scrutinized over the course of the reporting period.4 While the BND is mainly tasked with foreign intelligence collection, one of the main concerns is that the law permits monitoring of all network traffic channeled through the world’s largest internet exchange point, DE-CIX (German Commercial Internet Exchange) in Frankfurt, which would at least unintentionally affect communications by German citizens as well. In 2016, before the new law’s enactment, the operators of DE-CIX had sued the BND in the Federal Administrative Court, arguing that the intelligence service’s practices were unconstitutional.5 In May 2018, the court dismissed the claims, declaring that monitoring of the exchange point was lawful.6 Separately, because the BND has explicit permission to monitor domestic internet traffic under the new law as long as it is targeting foreign citizens,4 press freedom groups argued that the law threatens the constitutionally protected work of foreign journalists reporting in Germany.7 In reaction to this aspect of the law, a number of nongovernmental organizations (NGOs) and foreign investigative journalists filed a constitutional complaint in January 2018; the case was ongoing at the end of this report’s coverage period.8

The BND had also been storing and processing bulk metadata records of phone calls via its traffic-analysis system VerAS. In response to a lawsuit filed by Reporters Without Borders Germany,9 on December 2017, the Federal Administrative Court rejected such intelligence gathering, prohibiting the BND from collecting and processing communications metadata due to a lack of sufficient legal basis for the conduct.10 In May 2018, the BND officially announced that it would end the practice.11 Reporters Without Borders Germany also lodged a parallel complaint with the European Court of Human Rights, alleging that the intelligence service had been unlawfully monitoring the NGO’s own email correspondence.12

Surveillance conducted by intelligence services under the Act for Limiting the Secrecy of Letters, Posts, and Telecommunications (also known as the G10 Act) has continued to decline.13 With respect to international terrorism, the international arms trade, human smuggling, and international cybercrime, the German intelligence services in 2017 (the latest year for which data is available) conducted 14,436 interceptions of telecommunications in total, of which just 121 were deemed relevant for further inquiry by the BND. The BND’s practice of monitoring communications between Germany and foreign countries in accordance with the G10 Act has come under legal scrutiny. Amnesty International has filed a complaint before the Federal Constitutional Court, arguing that the authorities granted by the G10 Act are overly permissive and thus unconstitutional.14 The court has yet to decide on the case.15

Telecommunications interception by state authorities for criminal prosecutions is regulated by the code of criminal procedure and may only be employed for the prosecution of serious crimes for which specific evidence exists and when other, less intrusive investigative methods are likely to fail.

The 2008 Federal Constitutional Court ruling establishing a new fundamental right to the “confidentiality and integrity of information technology systems” also found that covert online searches are only permitted “if factual indications exist of a concrete danger” that threatens “the life, limb, and freedom of the individual” or “the basis or continued existence of the state or the basis of human existence.”16 Based on this ruling, the federal parliament in 2009 passed a law authorizing the Federal Bureau of Criminal Investigation (BKA) to conduct—with a warrant—covert online searches to prevent terrorist attacks.17 The law also authorizes the BKA to employ other methods of covert data collection, including dragnet investigations, surveillance of private residences, and the installation of software on a suspect’s computer that intercepts their communications at the source. Separately, antiterrorism legislation that was first passed after the September 11, 2001, terrorist attacks—which, among other provisions, obliges banks or telecommunications operators to disclose customer information to the authorities—was once again extended in 2015 through 2021.18

In June 2017, however, the federal parliament enacted the “law for more effective and more practical criminal proceedings” (Gesetz zur effektiveren und praxistauglicheren Ausgestaltung des Strafverfahrens). Most significantly, it included an extensive list of criminal offenses that would allow for the deployment of spyware on suspects’ mobile phones, tablets, and computers in order to enable monitoring of written and spoken text as well as the copying of data.19 Critics consider the law unconstitutional due to its expansive scope and long list of applicable offenses.20 In accordance with the law, the BKA has been permitted to install monitoring software (the so-called Bundestrojaner, or “federal Trojan horse”) on suspects’ devices since January 2018.21 So far, three different types of Bundestrojaner have been developed.22 BKA hackers have reportedly breached the encrypted messaging app Telegram and are targeting WhatsApp.23

In Bavaria, Germany’s second-largest state by population, the governing Christian Socialist Union (CSU) introduced a bill at the beginning of 2018 that would grant the Bavarian police vastly expanded powers, including the authority to access any information technology system preventively in the event of a broadly defined imminent danger, without concrete evidence of a specific crime.24 Critics allege that the bill would blur the line between police and intelligence services, a strict distinction that was built into the constitution as a consequence of the abuses of the Nazi era.25 Federal interior minister Horst Seehofer, the former minister president of Bavaria and a member of the CSU, has stated that he intends to use the Bavarian law as a model for police laws in all German states.26 Since then, similar laws granting police forces vastly expanded power to access communications have been passed in, Saxony, North-Rhine Westphalia, Lower Saxony, Brandenburg, Hessen, Mecklenburg-Vorpommern, Rheinland-Pfalz, Saxony-Anhalt, and Baden-Württemberg, while others are under discussion in Berlin and Schleswig-Holstein.27 In some cases, these laws permit police to use Bundestrojaner.

Newly arriving migrants and refugees are also targets of measures that infringe on their privacy rights. According to 2017 amendments to the asylum law, an arriving refugee’s electronic device data, including location data, may be copied and analyzed in order to determine the person’s place of origin if he or she does not provide identity documents.28 Although authorities originally gave assurances that these measures would be limited to exceptional cases, later statements revealed that because no such limitation is provided for in the text of the law, the Federal Office for Migration and Refugees intends to implement the measures as standard practice.29

  • 1. BVerfG [Federal Constitutional Court], Provisions in the North-Rhine Westphalia Constitution Protection Act (Verfassungsschutzgesetz Nordrhein-Westfalen) on online searches and on the reconnaissance of the internet null and void, judgment of February 27, 2008, 1 BvR 370/07 Absatz-Nr. (1 - 267), http://bit.ly/1YVssS3; See also: Press release no. 22/2008, http://bit.ly/2dnoChN. For more background cf. Wiebke Abel/Burkhard Schaferr, “The German Constitutional Court on the Right in Confidentiality and Integrity of Information Technology Systems – a case report on BVerfG,” NJW 2008, 822”, 2009, 6:1 SCRIPTed 106, http://bit.ly/2dNZSCJ
  • 2. Federal Parliament, “Beschlussempfehlung und Bericht” [Recommendation of resolution and report], June 23, 2017, https://bit.ly/2qNLpeC
  • 3. Constanze Kurz, “Abschluss des NSA-BND-Ausschusses: Keine Revolte gegen die Geheimdienste“ [Conclusion of the NSA BND commission: No revolt against the intelligence services], Netzpolitik.org, June 29, 2017, https://bit.ly/2tqZsde
  • 4. a. b. Teresa Sickert, “Was das neue BND-Gesetz für Internetnutzer bedeutet“ [What the new BND law means for Internet users], Spiegel Online, October 19, 2016, http://bit.ly/2ejtHLP
  • 5. Spiegel Online, “Betreiber des Netzknotens DE-CIX verklagen BND“ [Operators of network exchange point DE-CIX sue BND], September 16, 2016, https://bit.ly/2cTDSDh
  • 6. Spiegel Online, “BND darf am Internetknoten weiter Daten abzapfen“ [BND may keep tapping internet exchange point], May 31, 2018, https://bit.ly/2kPeN1y
  • 7. Sabine Leutheusser-Schnarrenberger, “Stoppt das BND-Gesetz!“ [Stop the BND law!], Handelsblatt, October 21, 2016, http://bit.ly/2r46Z0n
  • 8. Zeit Online, “Ausländische Reporter klagen gegen BND-Gesetz” [Foreign reporters sue because of BND law], January 30, 2018, https://bit.ly/2vrx8tm
  • 9. Andre Meister, “Eingestuftes Gutachten: Der BND speichert massenhaft Daten, will aber Betroffene nicht informieren“ [Classfied assessment: BND stores data in bulk but refuses to inform affected], Netzpolitik.org, December 14, 2016, http://bit.ly/2gNO58i
  • 10. Anna Biselli, “Bundesverwaltungsgericht: BND-Metadatensammlung in Datenbank VerAS unzulässig“ [Federal Administrative Court: BND metadata collection in database VerAS unlawful], Netzpolitik.org, December 14, 2017, https://bit.ly/2F1FoQD
  • 11. Reporters Without Borders, “BND ends illegal data processing after ruling on RSF Germany lawsuit”, May 23, 2018, https://bit.ly/2x5grF3
  • 12. Reporters Without Borders, “RSF lodges ECHR complaint over German foreign intelligence agency’s mass surveillance”, December 8, 2017, https://bit.ly/2Bi7RnA
  • 13. See the report of the Parliamentary Control Panel: Deutscher Bundestag, Drucksache 19/ 10459, May 24, 2019, p. 8, https://bit.ly/2HgA4ih
  • 14. Kai Biermann, “Amnesty klagt gegen Überwachungsgesetz“ [Amnesty files complaint against surveillance law], Zeit Online, November 15, 2016, http://bit.ly/2fQDNSE
  • 15. Ulf Buermeyer, “GFF und Amnesty klagen gegen das “G 10”” [GFF and Amnesty file legal complaint against G10], Gesellschaft für Freiheitsrechte, October 23, 2016, https://freiheitsrechte.org/de-g10/
  • 16. Bundesverfassungsgericht [Federal Constitutional Court], Provisions in the North-Rhine Westphalia Constitution Protection Act (Verfassungsschutzgesetz Nordrhein-Westfalen) on online searches and on the reconnaissance of the Internet null and void, judgment of February 27, 2008, 1 BvR 370/07; For more background cf. W Abel and B Schafer, “The German Constitutional Court on the Right in Confidentiality and Integrity of Information Technology Systems – a case report on BVerfG”, NJW 2008, 822, (2009) 6:1 SCRIPTed 106, http://bit.ly/2dNZSCJ
  • 17. Dirk Heckmann, “Anmerkungen zur Novellierung des BKA-Gesetzes: Sicherheit braucht (valide) Informationen” [Comments on the amendment of the BKA act: Security needs valid information], Internationales Magazin für Sicherheit nr. 1, 2009, http://bit.ly/1KWuRm6
  • 18. “Anti-Terror-Gesetze gelten bis 2021“ [Anti terror laws in force until 2021], Tagescchau.de, November 27, 2015, http://bit.ly/2cZGl2H
  • 19. Angela Gruber and others, “Hackerangriff aus dem Bundestag“ [Cyber attack by the federal parliament], Spiegel Online, June 22, 2017, https://bit.ly/2sv0gMT
  • 20. Ulf Buermeyer, “Gutachterliche Stellungnahme“ [Expert assessment], Gesellschaft für Freiheitsrechte, May 31, 2017, https://bit.ly/2vD6nT6
  • 21. Heribert Prantl, “Die digitale Inquisition hat begonnen“ [The digital inquisition has begun], Sueddeutsche.de, January 27, 2018, https://bit.ly/2nq376Q
  • 22. Andre Meister, „Geheime Dokumente: Das Bundeskriminalamt kann jetzt drei Staatstrojaner einsetzen“, [Secret documents: The BKA can now employ three Staatstojaner], Netzpolitik.org, 26 June, 2018, https://bit.ly/2tx894N
  • 23. Andre Meister, “Geheimes Dokument: Das BKA will schon dieses Jahr Messenger-Apps wie WhatsApp hacken“ [Secret document: As early as this year, the BKA wants to hack messenger apps such as WhatsApp], Netzpolitik.org, July 20, 2017, https://bit.ly/2uvCTCl
  • 24. Markus Reuter, “CSU will Polizei in Bayern zum Geheimdienst aufrüsten“ [CSU wants to transform Bavarian police into intelligence service], Netzpolitik.org, February 8, 2018, https://bit.ly/2EcUYsR
  • 25. Marie Bröckling, “Ab Sommer in Bayern: Das härteste Polizeigesetz seit 1945“ [Coming this summer in Bavaria: The toughest police law since 1945], Netzpolitik.org, March 24, 2018, https://bit.ly/2pIwTUL
  • 26. Malene Gürgen, “Handgranaten für die Polizei“ [Hand granades for the police], taz.de, April 19, 2018, https://bit.ly/2Hiit9o
  • 27. Peggy Fiebig, „Mehr Befugnisse, mehr Sicherheit?“ [More powers, more safety?], Deutschlandfunk, March 27, 2019; Gesellschaft für Freiheitsrechte, „Übersicht über die Änderungen der Polizeigesetze in den einzelnen Bundesländern“ [Overview of changes to police laws in the federal states], Deutschlandfunk, June 13, 2019, https://bit.ly/2OK8b35
  • 28. Law on better enforcement of oblogation to leave the country [Gesetz zur besseren Durchsetzung der Ausreisepflicht], July 20, 2017, https://bit.ly/2reRNiC
  • 29. Leo Thüer, Chris Köver, Alexander Fanta “Asylverfahren: Handy-Durchsuchung bringt keine Vorteile” [Asylum processing: Cellphone searches have no benefits], Netzpolitik.org, July 11, 2018, https://bit.ly/2O6XKqR
C6 1.00-6.00 pts0-6 pts
Are service providers and other technology companies required to aid the government in monitoring the communications of their users? 4.004 6.006

Despite a 2014 CJEU decision that struck down the EU Data Retention Directive,1 the federal parliament enacted a law on data retention in 2015.2 Both the parliamentary opposition and data protection officials had fiercely objected to the legislative proposal, maintaining that it contradicted civil laws and violated the guidelines established by the CJEU. Under the new law, different sets of data have to be stored on servers located within Germany for 10 weeks, while providers have to retain the numbers, as well as the dates and times, of phone calls and text messages. ISPs are also required to retain the IP (internet protocol) addresses of all users, as well as the dates and times of connections. The location data of mobile phone connections must be saved for four weeks. The requirements exclude sites accessed, email traffic metadata, and the content of communications.

Several constitutional complaints against the data retention legislation have been filed and are pending at the Federal Constitutional Court.3 In February 2017, the federal parliament’s own research service concluded that the law does not conform to the guidelines set by the CJEU in its 2014 ruling and is thus contrary to EU law.4 After the internet provider Spacenet filed a lawsuit against its obligation to start storing its customers’ data, the Higher Administrative Court of North Rhine–Westphalia, which has jurisdiction over this question, likewise decided in June 2017 that the German legislation contradicts EU law and is thus not applicable to Spacenet’s conduct.5 Since then, the application of the law has de facto been suspended. ISPs never started to store any data based on retention legislation.

The amended Telecommunications Act of 2013 regulates “stored data inquiry” requirements (Bestandsdatenauskunft).6 Under this law, approximately 250 registered public agencies, among them the police and customs authorities, are authorized to request from ISPs both contractual user data and sensitive data. While the 2004 version of the law allowed the disclosure of sensitive user data only for investigations of criminal offenses, the amended act extended it to cases of misdemeanors or administrative offenses. In addition, whereas the disclosure of sensitive data and dynamic IP addresses normally requires an order by the competent court, contractual user data (such as the user’s name, address, telephone number, and date of birth) can be obtained through automated processes. Moreover, several studies have shown that judicial review does not actually take place in a majority of instances where it is required.7

  • 1. Court of Justice of the European Union, “The Court of Justice declares the Data Retention Directive to be invalid,” press release No 54/14, April 8, 2014, http://bit.ly/1svi4QN
  • 2. “Bundestag beschließt Vorratsdatenspeicherung“ [Bundestag enacts data retention], Faz.net, October 16, 2015, http://bit.ly/2e0seXT
  • 3. Jakob May, “Weitere Verfassungsbeschwerde gegen Vorratsdatenspeicherung eingereicht” [Further constitutional complaint against data retention filed], Netzpolitik.org, January 27, 2016, http://bit.ly/1nQGru9
  • 4. Tomas Rudl, “Bundestagsgutachten: Deutsche Vorratsdatenspeicherung genügt EuGH-Vorgaben nicht“ [Parliamentary legal assessment: German data retention does not conform to CJEU guidelines], Netzpolitik.org, February 23, 2017, http://bit.ly/2lLC5oz
  • 5. Anna Biselli, “Zusammengefasst: Die Entscheidung zur Vorratsdatenspeicherung und ihre Folgen“ [Summary: The decision concerning data retention and its consequences], Netzpolitik.org, June 23, 2017, https://bit.ly/2uh5VUL
  • 6. Bundesrat, “Mehr Rechtssicherheit bei Bestandsdatenauskunft” [More legal certainty for stored data inquiry], Press release no. 251/2013, May 3, 2013, http://bit.ly/1j5NgWK
  • 7. Two independent studies from by the Universität of Bielefeld (2003: Wer kontrolliert die Telefonüberwachung? Eine empirische Untersuchung zum Richtervorbehalt bei der Telefonüberwachung“ [Who controls telecommunication surveillance? An empirical investigation on judicial overview of telecommunication surveillance], edited by Otto Backes and Christoph Gusy, 2003) and Max-Planck-Institut Institute for Foreign and International Criminal Law (Hans-Jörg Albrecht, Claudia Dorsch, Christiane Krüpe 2003: Rechtswirklichkeit und Effizienz der Überwachung der Telekommunikation nach den §§ 100a, 100b StPO und anderer verdeckter Ermittlungsmaßnahmen [Legal reality and efficiency of wiretapping, surveillance and other covert investigation measures], http://www.mpg.de/868492/pdf.pdf) evaluated the implementation of judicial oversight of telecommunications surveillance. Both studies found that neither the mandatory judicial oversight nor the duty of notification of affected citizens are carried out. According to the study by the Max Planck Institute, only 0.4 percent of the requests for court orders were denied.
C7 1.00-5.00 pts0-5 pts
Are individuals subject to extralegal intimidation or physical violence by state authorities or any other actor in retribution for their online activities? 4.004 5.005

There were very few reported cases of direct physical intimidation or violence against online journalists or other ICT users in retaliation for their activities during the coverage period. However, the coverage period saw a police raid against Zwiebelfreunde, an activist association that promoting online anonymity tools—an action a court later ruled illegal.

In June 2018, police raided the offices of the Zwiebelfreunde, as well as the homes of its board members in Augsburg, Berlin, Dresden, and Jena, in order to obtain material relevant to criminal proceedings against unknown suspects accused of inciting illegal activities at a political rally in Augsburg. For communication, the suspects used the confidential e-mail provider Riseup. Zwiebelfreunde, an association of activists aimed at promoting the use of the Tor browser and network by operating Tor relay nodes in order to protect user anonymity online, collects donations for Riseup.1 The implicit assumption of the investigators was that Zwiebelfreunde had information on the identity of the suspects, because the group supported Riseup. Despite the group being “witnesses” in this case, police seized documents containing names, addresses, and bank details of people supporting Riseup and Zwiebelfreunde. Police allegedly made threats to people from Zwiebelfreunde present at the raid, intimating that they might turn from witnesses to suspects.2 Following criticism by press freedom and internet rights activists, the State Court in Munich ruled the searches and seizures were illegal and ordered all seized material to be returned.3

  • 1. Anna Biselli, „Polizei durchsucht Räume von Tor-Aktivisten“ [Police searches rooms of Tor activists], Golem.de, July 4, 2018, https://bit.ly/2HjrI6F
  • 2. Daniel Mützel, „Polizei zwingt Netzaktivisten zur Öffnung ihres Safes und gelangt an geheime Spenderliste“ [Police forces internet activitsts to open their safe and gains access to secret donator list], Vice, July 13, 2018, https://bit.ly/2JpPMpt
  • 3. Martin Holland, „Zwiebelfreunde: Hausdurchsuchungen bei Datenschutz-Aktivisten rechtswidrig“ [Zwiebelfreunde: Searches of homes of data protection activists illegal], heise online, August 24, 2018, https://bit.ly/2LmGKZj
C8 1.00-3.00 pts0-3 pts
Are websites, governmental and private entities, service providers, or individual users subject to widespread hacking and other forms of cyberattack? 2.002 3.003

Human rights activists and NGOs are rarely victims of cyberattacks or other forms of technical violence that are aimed at stifling freedom of expression. However, government institutions and the business sector have been targeted by cyberattacks.1

In December 2018, personal data of parliamentarians, politicians, television personalities, activists, and YouTube artists were published online.2 An individual who confessed to the leaks, a German citizen, was arrested shortly after the case received public attention in January 2019.3 The case led to public discussions about online safety, since much of the retrieved data was protected by weak passwords such as “1234.”4

Earlier, in 2015, the federal parliament had enacted an ICT security law to strengthen its response capabilities; the law obliged telecommunications companies and critical infrastructure operators to report security breaches to the Federal Office for Information Security (BSI). However, the law has been criticized as being largely ineffective, and its mandates concerning the storage of traffic data to determine the source of possible cyberattacks have been criticized as intrusive.5

  • 1. Nicolai Kwasniewski, “Ein Hack, eine versetzte Schweißnaht – fatale Folgen“ [A hack, a shifted weldseam – fatal consequences], Spiegel Online, November 30, 2017, https://bit.ly/2BblMJz
  • 2. Stefan Krempl, “Gehackte Daten: Politiker beklagen schweren Angriff auf die Demokratie” [Hacked data: Politicians lament significant attack on democracy], heise online, January 4, 2019, https://bit.ly/2BZBAzy
  • 3. Markus Beckedahl, „Doxing: Tatverdächtiger war politisch motiviert, aber seine Straftaten sollen nicht politisch motiviert sein“ [Doxing: Suspect was politically motivated, but his crimes are supposed to not be politically motivated], Netzpolitik.org, January 10, 2019, https://bit.ly/2VU9peS
  • 4. https://nytimes.com/2019/01/08/world/europe/germany-hacking-arrest.html
  • 5. Anna Biselli, “Heute im Bundestag Verabschiedung des IT-Sicherheitsgesetzes – ein Überblick” [Today in the parliament enactment of the IT security law – an overview], Netzpolitik.org, June 12, 2015, http://bit.ly/1FcCwIH

On Germany

See all data, scores & information on this country or territory.

See More
  • Global Freedom Score

    94 100 free
  • Internet Freedom Score

    80 100 free
  • Freedom in the World Status

    Free
  • Networks Restricted

    No
  • Websites Blocked

    No
  • Pro-government Commentators

    No
  • Users Arrested

    No