Germany’s effort to balance cybersecurity and privacy

On June 12, 2015, a bill on data retention (Entwurf eines Gesetzes zur Einführung einer Speicherpflicht und einer Höchstspeicherfrist für Verkehrsdaten) was introduced in the Bundestag (German legislative body). It requires companies to store traffic data (in Germany) for a specified amount of time so that enforcement agencies can request it for repression of terrorism. However, due to strong criticism from those who believe that the bill infringes their fundamental privacy rights, the vote on the data retention law has been postponed until the fall. More information is available here and here.

On July 10, 2015, the Bundesrat (Germany’s upper house) passed several amendments to the IT security law, or “BSI Act” (Entwurf eines Gesetzes zur Erhöhung der Sicherheit informationstechnischer Systeme, IT-Sicherheitsgesetz). The law is now awaiting the Federal President’s signature. It will enter into force after its publication in the Federal Law Gazette. The BSI Act’s goal is to force German “operators of critical infrastructure” to introduce new cybersecurity measures to provide higher safeguards. However, it is not clear who is covered by the BSI Act. Critics say that compliance costs for German industry as a whole could be in the billions and that penalties for non-compliance are harsh – fines of up to €100.000 (see here and here).

For more information, Francesca Giannoni-Crystal
