On September 5, 2013, the 16 German state data protection authorities and the Federal Commissioner for Data Protection and Freedom of Information (the “DPAs”) passed a resolution concerning recent revelations about the PRISM, Tempora and XKeyscore surveillance programs.
The DPAs were critical of the programs, indicating that more should be done to understand their scope, especially since the programs raise serious constitutional concerns in Germany. In particular, it remains unclear whether German federal authorities illegally shared personal data with other countries or used illegally obtained personal data for their own purposes.
In the resolution, the DPAs advocate the following actions:
- Develop and implement national, European and international laws to ensure that privacy is fully protected, and to guarantee telecommunications secrecy and the fundamental rights to informational self-determination, confidentiality and integrity of IT systems.
- Immediately cease any unconstitutional cooperation between intelligence services and prevent such activities going forward.
- Intensify the supervision of intelligence services by increasing the authority of parliamentary control committees, and review whether the DPAs should be involved in this process.
- Make more efforts to safeguard the fundamental rights to informational self-determination, confidentiality and integrity of IT systems, including by:
- reviewing whether telecommunication connections should only be routed via networks within the EU;
- building and supporting safe and anonymous ways of using telecommunications services (which encompasses ensuring that those who use encryption or anonymization are not at a disadvantage); and
- creating a framework for the objective analysis and independent certification of hardware and software.