A draft law released by the German union for data protection (DVD) this week revealed that the interior ministry was proposing to drastically limit the powers of Germany's data protection authorities, banning them from investigating suspected breaches of people's medical and legal records.
As well as expanding video surveillance with facial recognition software, the bill would limit the government's own data protection commissioners to checking that the technical prerequisites are in place to ensure that doctors' and lawyers' files are secure, but it stops them from following up when citizens report concerns that their data has been leaked.
The bill would also shut down citizens' right to know what data is being collected about them - even by private firms, if releasing that information would "seriously endanger" a company's "business purposes," the SZ quoted the draft as saying. Thilo Weichert, former data protection commissioner for the state of Schleswig-Holstein and now DVD board member, condemned de Maiziere's plans as a "massive" erosion of privacy in Germany.
"The limitation of data protection controls in the medical field, which was a focal point of the [data protection] authorities up until now, is simply a disaster," Weichert said in a statement, adding that the ministry's bill was "further proof" that "data protection is not currently seen as relevant by the government."
DVD chairman Frank Spaeing described the law as a "data protection prevention law" and called on the Justice and Consumer Affairs Ministry, the Economics Ministry, and the Science and Research Ministry to intervene on behalf of people's civil rights.
The law - which aims to implement European Union data protection directives, set to come into force in 2018 - was roundly condemned by the DVD, though it acknowledged that it was an improvement on previous drafts that the Interior Ministry had presented.
"And yet the draft [...] contains old and in some cases new European-law-breaching and unconstitutional and unacceptable regulations," the organization said in its statement, before singling out the lack of any regulation protecting "professional discretion" among doctors, psychologists and lawyers.
There was also criticism from the Federal Data Protection Commissioner's office (BfDI). Commissioner Andrea Vosshoff - also a member of de Maiziere's Christian Democratic Union (CDU) - said the plan would make "control by the BfDI in many sensitive areas, for instance health insurance companies, job centers, or other social service operators, almost impossible, and is not acceptable."
In an emailed statement to DW, Vosshoff also criticized the ministry's plans not to give the BfDI any power to sanction security forces for personal data breaches - a key directive in EU data protection law.
The right to know
Perhaps most contentiously, the draft allows the government to deny people the basic right to know what personal data is being collected if "the release of the data endangers public safety and order, or disadvantages the well-being of the country, or the state in another way."
This was a particular irritation for the DVD, which described this right as the "Magna Carta of data protection" and said that considerations of national security and business secrets were not a strong enough reason to corrode that right.
The irony is that the EU directive that this draft is meant to implement was actually designed to improve data protection for citizens - even though it offers a lot of leeway for interpretation by member states. Lina Ehrig of the Federation of German Consumer Organizations (VZBV) told the SZ paper that the new German law would have the opposite effect of that intended by the EU; in other words, it would not stop telcom companies passing on customer data and using it for other purposes.
The German cabinet is currently in discussions with Vosshoff about the interior ministry's plans. Other state data authorities that DW contacted did not want to react publicly to the proposals until they had agreed on a joint response.