Dienstag, 14. Februar 2012

3: Vorträge, Vorlesungen, Aufsätze

"Open Government and Technology in State Craft" with Ben Scott, Policy Advisor for Innovation, US Department of State, Washington [engl.]

Thilo Weichert
Leiter des Unabhängigen Landeszentrums für Datenschutz Schleswig-Holstein (ULD)
Chief of the Independent Centre for Privacy Protection Schleswig-Holstein

Contribution to the discussion at Social Media Week Hamburg
Tuesday, February 14th, 2012, 18:00

We can’t deny that there is a big gap between European and US-American internet policies. While the European position emphasizes very much the importance of protecting the rights of the citizens in the digital era, US-American internet policy is more driven by economic and political motivations.

But before exposing the conflicts and the divergences, let me emphasize the conformity of some approaches and some common interests. The tradition of freedom of information does not originate from Germany, but from Anglo-American political and juridical culture as well as from Scandinavia. The oldest open access regulation stems from Sweden in 1776. The European Community has learned that open access to government files is important for democracy and indirectly for personal individual freedom. And even Germany had learned its lesson when it finally got a freedom of information act in 2006 on a federal level. Some German states had preceded, for example Schleswig-Holstein, the most Scandinavian state of Germany. And – even if we don’t have real open government regulations – there is an open government discussion and some open government practice. Unfortunately, German authorities – as in the USA – are using social media for this, without reflecting sufficiently on legal and factual implications.

Another common approach using social media is the emphasis on free speech, which is guaranteed in the European Charter of Fundamental Rights of 2009 and in the German constitution, our Grundgesetz. In German legislation and jurisdiction the right to free speech has a prominent status. It is well recognized as being fundamental for our liberal and democratic society.

But here the differences between Europe and US begin. Another fundamental right of our German and our European society is seen in the right to data protection or, as it is called by the German Constitutional Court, the right to informational self-determination. This fundamental right is guaranteed in Article 8 of the European Charter of Fundamental Rights. It also has sources in Anglo-American common law. The US-American lawyers Samuel Warren and Louis Brandeis founded – 120 years ago – our modern understanding of this right. But unfortunately this common tradition hasn’t survived until today. There are some privacy acts in the United States, but they are understood above all as consumer rights which do not derive from individual freedom or from the general personality right. Until today the US-Supreme Court denies such a universal comprehensive right. And this provokes some cultural and legal conflicts between Europe and the United States. We don’t want to accept the compiling of European data by US authorities as it is practiced with the Passenger Name Records- and the SWIFT-Agreement, as it is practiced with the Patriot Act and the FISA and as it is practiced by US providers of popular social communities like Google or Facebook. Those US-American activities are putting in question the right to informational self-determination, as it is understood by European data protection agencies.

Let me illustrate this with the conflict between the prime minister of Schleswig-Holstein and the Independent Centre for Privacy Protection in Kiel regarding the Facebook fanpage of the Kiel State Department. The ICPP is convinced that the State Department in Kiel does not comply with German nor European data protection law when this German authority is using a US-American provider to communicate officially with its citizens. Our prime minister does not mind that the traffic data of those citizens are processed in the US where European data protection law is not applicable – a law which is more or less being ignored by the enterprise Facebook.

Those data protection criteria – which at the same time are data security criteria – should not be ignored by any government organization, because behind those criteria lie the following questions: 
Who is responsible for the data processed? 
Who has the right and the real technical power to determine about those data? 
And by using private companies, those who exercise this power and this right, the official authority give up this power and right in relation to the entrusted citizens. This concerns both content data and traffic data. Our German understanding of good governance includes full responsibility and accountability on administrative data processing, including communication with citizens.

Let me finally emphasize that this should be – in my opinion – a common interest of US-American as well as European democratic policies, as globally the right to informational self-determination is denied – above all – by authoritarian countries and dictatorships as there are China or Iran. Those states use the data to suppress their population and to exploit foreign data. For long I have been pleading for a global international charter of fundamental digital rights following the precedent of the General Declaration of Human Rights of 1948. Parts of those digital rights should be the freedom of speech and freedom of information. There should also be the right to transparency and the right to open government. And there should finally be the rights to privacy and to data protection or, as we call it in Germany, the right to informational self-determination and the right to the guarantee of the confidentiality and integrity of information technology systems.

I do concede that this vision of fundamental digital rights currently is only a vision of a minority in the European societies. But I am convinced that it should and could be a vital vision of common transatlantic policies.