On October 18, 2024, the German government passed its new security package, which provides for increased surveillance and comprehensive measures against terrorism and violent crime. The legislative initiative has met with considerable resistance from data protectionists, who have expressed concerns about the restriction of civil rights and a potential surveillance state. The original draft bill contained far-reaching powers for security agencies, some of which have been weakened but still raise fundamental data protection issues.
Data Protection Concerns about the Original Draft
The original draft of the security package provided for far-reaching digital surveillance measures, including the permanent use of biometric facial recognition by the Federal Criminal Police Office (BKA) and the Federal Police. Data protectionists saw this as a significant threat to citizens’ privacy. Particularly critical was the fact that heads of department at the BKA were to access biometric data in urgent cases without judicial approval – a power that met with broad approval in the Bundestag, but was sharply criticized by the Bundesrat and ultimately removed from the final law.
Critics fear that such powers could mark the start of “preventive mass surveillance”. Although the measure is now only permitted for serious crimes and subject to strict conditions, data protectionists see a creeping loss of privacy here, as facial recognition technology could easily be extended to other areas in the future.
The Digital Measures of the adopted Package
The final law also contains several digital measures that could have far-reaching consequences for privacy and data protection law.
1. Facial Recognition and Biometrics
While the originally more extensive powers for biometric facial recognition were weakened in the final law, the principle remains that the BKA and other security authorities can use biometric data in serious cases. Data protectionists emphasize that even a limited use of such technologies could have long-term effects. A potential extension to public places and events would mean that citizens could be subject to surveillance at any time – an unprecedented invasion of privacy that raises fears of a “normalization” of surveillance technologies.
2. Automated Data Analysis and IP-Tracking
The adopted law allows security authorities to access automated data analysis in order to identify criminal patterns. However, critics complain that the draft has not taken into account the possibility of permanently storing IP addresses, which they believe makes it more difficult to fight crime in the digital space. However, data protectionists warn that such storage would constitute a kind of “data retention light”, which could potentially place all citizens under general suspicion.
The lack of balance between necessary surveillance and the protection of personal data is problematic, as automated systems can often recognize false patterns or make innocent citizens the focus of investigations. The reliability and transparency of such systems also remains questionable from a data protection perspective.
3. Extended Queries for Asylum Seekers and Digital Data Verification
One particularly controversial point is the introduction of biometric comparisons as part of the asylum procedure in order to verify the identities of asylum seekers. The comparison can now be carried out without judicial approval, which data protectionists criticize as a discriminatory practice. They warn that the mandatory verification of biometric data could set a dangerous precedent for the expansion of digital surveillance – especially as asylum seekers are being used as a test group for measures that could later be extended to the wider population.
4. Checks without Suspicion and Extended Police Powers
The law introduces additional control options, such as suspicion-independent checks at so-called “hotspots”. Data protectionists fear that this will lead to the establishment of more extensive surveillance structures and promote discriminatory control practices, for example in neighborhoods with high crime rates. There are concerns that the suspicionless checks could be overused and that certain population groups could be targeted – a practice that is already often criticized in other countries.
Critical Voices and the Future of Digital Security
Data protectionists and civil rights activists warn that this security package could be a long-term step towards comprehensive digital surveillance and state control. The planned law is not just a response to current threats, but could lay the foundations for the introduction of mass surveillance technologies that will be difficult to abolish. One point of criticism that is often raised is the lack of transparency in the use of these new technologies and the uncertainty about how data is stored and used.
Civil rights organizations are therefore calling for stricter controls and evidence of how these measures actually contribute to increasing security without massively restricting civil rights. They are also calling for the use of these digital tools to be kept to a minimum and regularly evaluated.
Pascal founded ViOffice together with Jan in the fall of 2020. He mainly takes care of marketing, finance and sales. After his degrees in political science, economics and applied statistics, he continues to work in scientific research. With ViOffice, he wants to provide access to secure software from Europe for everyone and especially support non-profit associations in their digitalization.