Here is a thought on privacy in Germany: it often appears that privacy protection is taken very seriously in Germany and citizens have decent control over who gets access to their personally identifiable information. I was under that impression myself for a long time, until a discussion with a friend prompted me to take a closer look at the situation.
I was extremely surprised to see how little privacy protection actually exists in Germany – with respect to the government. It is true that the federal data protection act (“Bundesdatenschutzgesetz”) puts a lid on obtaining, storing, evaluating, and disseminating personal data, especially for the private sector. In general, the “opt-in” principle is followed, where the data subject must give express permission to collect or store PII, and has the right to recall such permission at any time. However, this federal law also makes it clear that some or all of these provisions can be lifted by specialized laws.
One set of these laws limiting the federal data protection act are the laws requiring every person living in Germany to register with city hall when taking residence (“Meldegesetze”). These laws actually precede the data protection laws and allow the registration agency (“Einwohnermeldeamt”) to collect and store the following attributes:
-
all names (including former names, pseudonyms, etc.) and academic titles
-
DOB, place of birth, sex
-
addresses (all current and former), including the dates when they changed
-
legal guardian(s), including addresses, DOB, date of death, titles, etc.
-
all citizenships
-
religious affiliation
-
marital status, including dates and reasons for changes
-
spouse (including names, titles, DOB, date of death, all current and former addresses)
-
underage children (again, names, titles, DOB, … you get the idea)
-
date and place of death
-
restrictions for releasing this data
-
eligibility to vote in national or European elections
-
tax relevant data (including religious affiliation of spouse)
-
unique tax ID (as soon as its issued)
-
weapon permits, demolition permits
All this data is – more or less – freely accessible to any government agency, including the German internal revenue department and federal tax agencies, welfare offices, motor vehicle registries and licensed religious institutions.
In addition, the registration agencies will release your core data (names, titles, addresses) to any thrid party that asks without notifying you. If said third party has a reasonable interest (e.g. they claim you owe them money) the authorities will release pretty much all the information about you with the exception of 6, 9 and 11-15.
Other government agencies (besides the registration authorities) may collect, store, and use more data from you. An interesting example are the tax agencies, who can automatically obtain your records at any financial institution – without a warrant (they police themselves) or telling you or the banks.
At the end of the day you have almost as little privacy and freedom from government (and private sector) intrusion in the “holy land” of data protection rights, as you have here in database country. To some extend you might even have more freedom in the U.S., which has not only a very vocal privacy advocacy community, but has also already gone through the disaster of raging ID theft.