It’s been a strange couple of weeks for Germany. After revelations last week that American spies had been tapping Angela Merkel’s phone, news emerged over the weekend that Germany was pushing to have data protection rules included in the Transatlantic Trade and Investment Partnership (TTIP), a trade deal between the United States and the European Union. Even the most ardent supporters of strict data protection rules realize that this is a bad idea: At best it would lead to a watery compromise that leaves everybody unhappy. At worst it could derail the talks altogether.
By Monday, the European Commission had stepped in and ruled out Germany’s fanciful suggestion. “Including data protection in the trade talks is like opening Pandora’s box,” Viviane Reding, the architect of Europe’s new data protection regulation, told the Financial Times (paywall). Still, the episode further strengthened Germany’s reputation as a haven for privacy and security. Its corporations have been trying to bask in the reflected glory, claiming to provide more secure email. It’s a nice marketing spiel, but it means very little.
The fact remains that Germany has built up a solid reputation as a vanguard for its citizens’ privacy. It has some of the harshest data protection rules in the world and was the first to go after Google for picking up Wi-Fi data while collecting imagery for its Street View project. Less well known is that the fine was lowered after Google shared the data with the government.
Yet for all Germany’s posturing about privacy, it is also one of the leading countries requesting user data from big tech firms. The other bit of news this week came from Apple’s transparency report (pdf) on government information requests. In the first half of this year, Germany made 93 requests for user information, after only Spain (102), the United Kingdom (127) and the United States (somewhere between 1,000 and 2,000; the US government does not allow more precise disclosures).
A similar trend emerges in other companies’ transparency reports. Google’s most recent report, covering the second half of 2012, says that Germany made 1,550 requests for user information, fourth on the list after the US, India and France. Facebook reports that in the first half this year, Germany requested user data 1,886 times, after the US, India and the UK. In short, wherever you look, Germany is within the top four countries requesting data and the top three in Europe. (It is worth mentioning that requests from the US outnumber those from any other country by an order of magnitude.)
Why is Germany so militant about protecting privacy and simultaneously so aggressive about invading it? Its allergy to data collection by the government stems from the country’s history—most recently, the massive files that the secret police built up on East German citizens. But that same history may help explain its snooping: Transparency reports do not go into detail about the nature of user data requests, but according to a source at a web service that regularly receives such requests, many of those from Germany have to do with neo-Nazis.
What’s remarkable is that Germany has maintained a cuddly reputation as a protector of privacy despite reports such as The Guardian’s, last week, that Germany’s spy agency is “making the case for reform or reinterpretation” of laws that limit the government’s power to intercept communications. In July, Der Spiegel revealed that the German agency operates a joint facility with the NSA on German soil.