Image for article type insight
Insight

Germany: The new Government's plans on the right of encryption

March 4, 2022
Stock Depot / Essentials collection / istockphoto.com
Stock Depot / Essentials collection / istockphoto.com
Summary

The new German government's Coalition Agreement emphasizes strengthening digital rights and IT security by introducing a right of encryption, which is detailed in a parliamentary motion that calls for secure communication services without backdoors and condemns government trading in security vulnerabilities. Encryption is highlighted as a key measure for data protection under GDPR, potentially reducing controllers' notification obligations in case of data breaches. The right of encryption could also affect the legality of third-country data transfers, as secure encryption methods may help meet the CJEU's stringent requirements for data protection adequacy. Controllers are advised to prioritize cybersecurity and encryption to protect data, as emphasized by the Baden-Württemberg data protection authority's report.

Among the priorities set by the new German government in its Coalition Agreement 2021 - 2025 between the Social Democratic Party ('SPD'), the Green Party, and the Free Democratic Party ('FDP'), titled 'Seeking Continued Process' ('the Coalition Agreement') is the strengthening of the digital rights of German citizens and IT security.1 In this context, the Coalition Agreement announces the introduction of a right of encryption. Strengthening encryption methods and implementing them in a broad-based manner would affect data protection in several ways, and these effects should be kept in mind by controllers, particularly corporate controllers. Against this political backdrop, Stefan Hessel, Attorney-at-Law and Co-Head Digital Business Unit at reuschlaw Legal Consultants, discusses the right of encryption and its impact on data protection.

The right of encryption The Coalition Agreement itself does not state what it means by a 'right of encryption'. But the FDP delegation to the German Parliament presented motion 19/5764 on 27 January 20202, calling for a right of encryption. We can deduce from this motion what is meant by the term. Specifically, the motion calls upon lawmakers to require telecommunications and telemedia providers to offer bug-proof communication services (end-to-end encryption) which are to become standard after a transitional period, to condemn the use of 'backdoors', to reject government participation in digital gray and black markets for security vulnerabilities, and to refrain from any prohibitions or res