Federal Financial Supervisory Agency
The Federal Financial Supervisory Agency (Bundesanstalt für Finanzdienstleistungsaufsicht, BaFin) is keeping a “registry of consultants” since 1 November 2012. This database collects all known information on complaints about investment advisers. Whether the complaints are justified or not is not relevant for being recorded. If BaFin considers complaints to be justified, it can ban consultants from giving investment advice for up to two years. This amounts to an occupational ban and will likely have consequences in terms of employment relations as well. The goal to protect investors is pursued by challenging only the weakest link in the sales chain. Pressure from employers and sales managers, the actual cause of many mistakes and complaints, is not recorded in the registry of consultants. The Volksbank (local co-operative bank) in Göppingen has filed a constitutional complaint against the database.
Federal Government – Access to Telecommunications Users’ Data (Bestandsdatenauskunft)
The German government has introduced a “Bill for Changing the Telecommunications Law and for a New Regulation of Access to Telecommunications Users’ Data”. This is going to concede far too wide-reaching privileges for obtaining information to the security agencies. The German Federal Constitutional Court (Bundesverfassungsgericht) had necessitated a change to the law in a 2012 ruling, but many parts of the new bill do not meet the requirements made by the court. Among other things, the identification of Internet users via their IP addresses would be permissible even for minor misdemeanours. According to the bill, which has already passed the first chamber of the German parliament (Bundestag), the Federal and State Offices for the Protection of the Constitution (Verfassungsschutzbehörden, i.e. domestic intelligence agencies), the Military Counter-Espionage Agency (Militärischer Abschirmdienst, the military intelligence agency) and the Federal Intelligence Agency (Bundesnachrichtendienst, the foreign intelligence agency) will have access to the data, even when there is no concrete suspicion of anti-constitutional activities.
District of Peine
The district of Peine (Lower Saxony) has threatened a 24-year-old motorist with a medical-psychological assessment (known by its German acronym MPU, a procedure used by the authorities to decide whether to revoke or reissue a driving licence). The reason: said motorist had expressed himself critically on Facebook about speed cameras installed permanently at a country road. From this, Peine district authorities derived a “certain amount of conflict potential” that would not be appropriate in traffic. After the incident became public, a speaker of the council acknowledged that the case was an overreaction of a district employee. At the same time, however, he confirmed that in three other cases the municipality had filed criminal charges for postings on the Internet with grossly offensive character. For years there has been a broad discussion about the dubious nature of police and secret service investigations in social networks. To see road traffic authorities browsing Facebook for critical comments, and disciplining individuals based on such, adds a new and frightening dimension.
EU monitoring system EUROSUR
“Eurosur” is an “early warning system” to facilitate the “monitoring, investigation, identification, tracking, prevention and interception” of illegal border crossings into the EU. With the use of drones, satellites, radar surveillance, and also by utilising secret service reconnaissance methods, the borders of the EU are fortified and developed into an electronic fortress in order to repel migrants and refugees. New surveillance technologies aim to detect refugee boats and prevent them from even leaving their country of origin. If that has already happened, boats will be intercepted at sea. Thus, the already limited right to asylum is being eroded even further. The Internal Affairs Committee of the European Parliament adopted “Eurosur” in November 2012. “Eurosur” is to support the EU Member States and their border protection agency “Frontex” with a preemptive border control system to advance reconnaissance methods.
The company Regis24 and other so-called address mediators are building databases that are coming dangerously close to a parallel central population register – with a questionable appreciation of the law. Regis24 offers companies the service to retrieve information from the population register. If, for example, a mobile phone company wants to know the current place of residence of a defaulting customer, it commissions this task from Regis24. Regis24, in turn, requests the information from the population register and forwards it on to the phone company. So far, so good. This should normally conclude the process, but Regis24 stores the data in their own databases, to re-use them for further inquiries. In this way, step by step and without knowledge of the affected persons, Regis24 created a „shadow register“ that is neither transparent nor controllable by the citizens.
Deutscher Musikrat GmbH
Deutscher Musikrat (“German music council”) organises the prestigious competition “Jugend musiziert” (a national talent competition for young musicians). To register, participants have to submit a broad range of personal data – and agree to their extensive use. This data may indeed be necessary to organise the competition, but why is it necessary to publish not just names, first names and years of birth, but also full dates of birth, gender, landline and mobile numbers of mostly under-age participants on the Internet, or use those data for "press and public relations"? More specific options of consent to the different types of use would have been appropriate at this point.
Does anyone still remember Palm? In the early 1990s they were among the first to introduce palm-sized digital organisers, long before smartphones and mobile Internet access conquered the world. Palm is now part of Hewlett-Packard and is a vendor of smartphones based on HP’s “WebOS” operating system. The joy of owners of these devices will be marred by a look at the terms of service of Palm Web OS, however. These stipulate not only that sensitive information, such as contacts and calendars, will regularly be transferred to Palm. But even registration data, account and device information, contents and technical data may be stored, published, transferred or used in other ways. Our recommendation: If you do not agree to the terms of service, you can return the device before the usual legal deadline.
Frankfurt (Oder) Police, homicide division
We disapprove of the unusual investigative methods of a homicide division of Frankfurt (Oder)¹ police. To receive information from the public in a kidnapping case, they set up an email address at the hosting company Web.de. By doing so they gave authority over the incoming information (hints, speculation, suspicions, etc.) to a private enterprise. Such investigations generally require a large amount of tact and professionalism, to avoid premature publication of speculation, and to protect witnesses. Incoming clues have to be treated delicately and confidentially. Anyone can register a „web.de“ address – even the delinquent. To be aware of all this should be a matter of course for professional investigators. Not so, apparently for the Frankfurt police.
¹ Frankfurt (Oder) is a city at the German-Polish border, in the state of Brandenburg, not to be confused with Germany’s fifth-largest city, Frankfurt (Main) in Hesse.
Reprimand & Look Back: Facebook
Facebook wants to improve its range of goods in terms of quality and quantity. In the case of Facebook, those goods are its users, and Facebook would like to force them to divulge increasing amounts and more sensitive items of their data.
Facebook is now trying to prevent pseudonymous use of its services. Users are obliged to register with the names listed in their identity documents. Should anyone dare to use a false name, Facebook is calling on other users to act as informers. For a time a small pop-up could be seen that asked users to supply the correct names for profile images. If anyone was found to be using a false name, the account was suspended until scans of identity documents were submitted.
Another novelty is the coercion to leave traces with every activity inside Facebook. Previously, users could read updates or open a friend’s pages without the other user noticing it. This is no longer possible. If a user reads, say, a group message, a list appears for everyone to see that lists in detail who read the message and when. Facebook can no longer be used “silently”.
Another example of Facebook’s data hoarding mania is the Instagram photo-sharing service. After Instagram was bought by Facebook in April 2012, the photo platform published a new version of its Terms and Conditions in December. Initially, Instagram even reserved the right to sell its users’ pictures. Responding to strong protests, these changes were revoked. What was kept in place were changes that brought Instagram closer to Facebook. The real-name obligation now applies to Instagram users too, and users’ data can freely be shared with Facebook in the future.
What a ubiquitous Facebook can ultimately lead to was shown in the case of a small primary school in the Harz region. According to a newspaper report, 6 children were excluded from lessons because their parents had not agreed to photos being published on Facebook.