Freedom on the Net 2016 - Germany

Country: 
Year: 
2016
Status: 
Free
Total Score: 
19
(0 = Best, 100 = Worst)
Obstacles to Access: 
3
(0 = Best, 25 = Worst)
Limits on Content: 
5
(0 = Best, 35 = Worst)
Violations of User Rights: 
11
(0 = Best, 40 = Worst)
Population: 
81.4
Internet Penetration: 
88 percent
Social Media/ICT Apps Blocked: 
No
Bloggers/ICT Users Arrested: 
No
Press Freedom Status: 
Free
Key Developments: 

June 2015–May 2016

  • The proposal by Germany’s telecoms regulator to allow former state-owned monopoly and market leader Deutsche Telekom exclusive use of vectoring technology to develop broadband internet access sparked fears of a slow re-monopolization of the ICT market (see Regulatory Bodies).
  • In July 2015, the federal prosecutor’s office notified the website Netzpolitik.org that two of its journalists were under investigation for treason, for publishing articles containing classified state information. While quickly dropped, the case drew widespread public criticism (see Prosecutions and Detentions for Online Activities).
  • In October 2015, the federal parliament adopted new legislation requiring telecommunications companies to retain certain data for up to ten weeks, despite fierce protests from data protection officials and the European Court of Justice’s rejection of a similar EU directive (see Surveillance, Privacy, and Anonymity).
Introduction: 

Germany’s internet freedom environment declined slightly this year, as a short-lived treason investigation against two online journalists sparked widespread criticism and new legislation concerning data retention raised fresh privacy concerns.

Media and civil society frequently and openly discuss the state of internet freedom in Germany, especially given the prominence of internet regulation issues in widely read online news publications. There is consensus that internet freedoms are essential for an open and democratic society, and politicians, both from the governing parties and the opposition, usually act accordingly.

At the same time, some issues came under renewed pressure during the reporting period. In the course of the European refugee crisis, social media companies were criticized for not doing enough to subdue hate speech on their platforms. In the case of Facebook, this even led to an official criminal investigation against one of its executives. Subsequently, the companies vowed to change their removal practices in Germany, while also citing concerns regarding the freedom of speech.

Another topic of debate was the future of net neutrality in Germany and the European Union, as European legislation prompted concerns about potential loopholes. Germany’s liability regime for open access providers also remained a risky obstacle for cafes and other businesses wanting to establish free wireless networks for customers. Although recent amendments have sought to address these liability issues, remaining burdens for providers continued to draw criticism.

In the wake of the European Court of Justice’s dismissal of the EU Data Retention Directive in the spring of 2014, law enforcement representatives found support from the governing coalition in their call for new national legislation to enact data retention in Germany. In October 2015, a new law introduced requirements for telecommunications companies to retain data for up to ten weeks, such as the IP addresses of users and the date and time of connections, and for all data to be stored on servers located in Germany. No less than four constitutional complaints were subsequently filed against the controversial legislation. Moreover, despite an ongoing parliamentary inquiry, the scandal triggered by Edward Snowden’s revelations in 2013 concerning the activity of the NSA and German intelligence services has still not been adequately assessed.

Obstacles to Access: 

Internet access is high in Germany, and there are few inhibiting obstacles. However, the country still lags behind other European countries in terms of broadband development, despite new and considerably increased funding promised by the federal government. While competition in the ICT market has continued to increase, the regulator’s proposal to grant market leader Deutsche Telekom exclusive use of vectoring technologies to expand broadband access sparked fears of a partial re-monopolization of the market.

Availability and Ease of Access

Germany’s network infrastructure for information and communication technologies (ICTs) is well developed, and 88 percent of the population in Germany has private internet access.1 Together with the number of mobile-only internet users, this has resulted in an overall internet penetration rate of 90 percent, according to Eurostat findings, which is seven percentage points above the European Union (EU) average.2 Similarly, data compiled by the International Telecommunications Union (ITU) placed the internet penetration rate at 87 percent by the end of 2015.3 According to a different survey, private internet usage increased from 77 percent to 78 percent, over the past year.4

The most widely used mode of access is still DSL, with 23.6 million connections in 2015. However, cable internet connections are becoming more widespread, with 7.2 million connections in 2015, compared to only 6.3 million in 2014.5 Connections with more than 50 Mbps are available for 68.7 percent of households.6 According to Akamai, the average connection speed was 12.9 Mbps by the end of 2015.7 After announcing a roadmap to provide every household in Germany with internet access speeds of at least 50 Mbps by 2018,8 the federal government presented a policy directive in October 2015 with a projected budget of 2.7 billion Euros.9 The first communes started to request the subsidies in December 2015.10 However, many businesses in Germany continue to struggle with slow connections.11

Mobile phone penetration in Germany is nearly universal, with a penetration rate of 139 percent.12 In 2015, internet access via mobile devices further increased: people in Germany regularly accessed the internet via UMTS or LTE with 74.3 million devices, compared to only 52.6 million devices the previous year.13 The total data volume increased from 395 million GB in 2014 to 591 million GB in 2015.14 According to the Federal Ministry of Economics and Technology, Germany is ranked eighth internationally in terms of mobile internet access.15 In February 2016, 51 million people in Germany used a smartphone.16 At the end of 2015, LTE connections were available to 90 percent of all Telekom customers, 84 percent of Vodafone customers, and 75 percent of all Teléfonica Germany customers.17

There is still a gender gap when it comes to accessing the internet in Germany. While 87 percent of men used the internet every day or almost every day in 2015, only 82 percent of women did.18 Daily or almost daily internet usage in the 16-24 and 25-44 age groups were 95 and 93 percent, respectively. In the over 65 age group, frequent usage is now at 67 percent.19

Differences in internet usage based on formal education have not changed significantly over the past few years. The gap between people with low and high levels of formal education is still noteworthy.20 A comparison of net household incomes also confirms this gap. Households with less than EUR 1,000 (USD $1,100) net income per month have a 51.7 percent penetration rate, whereas those with more than EUR 3,000 (USD $3,300) net income per month have a penetration rate of 94.3 percent.21Furthermore, slight differences in internet usage exist between Germany’s western region (79 percent) and the eastern region (71 percent), which was formerly part of the communist German Democratic Republic; this gap has remained over the past year.22 The gap between the urban states Hamburg, Berlin, and Bremen, and the rural states with the smallest internet penetration rate such as Saxony-Anhalt or Mecklenburg-Western Pomerania, is still between 10 to 14 percent.23

Telecommunication services have become slightly less expensive, decreasing by about 1.6 percent.24 Available figures indicate that prices for flat rate broadband internet still range from EUR 16 to 30 (US$18 to $33) which is relatively affordable compared to an average income per household of EUR 4,101 (US$4,500).25 Nevertheless, stark differences in internet usage by levels of income demonstrate how prices continue to be a barrier for people with low incomes and the unemployed. Although the Federal Court of Justice ruled that access to the internet is fundamental for everyday life, costs for internet access are still not adequately reflected in basic social benefits.26

Restrictions on Connectivity

The German government does not impose restrictions on ICT connectivity. Germany’s telecommunications infrastructure is largely decentralized. There are more than one hundred backbone providers in the country.27 Privatized in 1995, the former state-owned Deutsche Telekom remains the only company that acts as both a backbone provider and an ISP. However, the German state owns less than a third of its shares, which crucially limits its control.28 There are a number of connections in and out of Germany, the most important being the DE-CIX, which is located in Frankfurt. It is privately operated by eco, the association of the German Internet Industry.29

ICT Market

The telecommunications sector was privatized in the 1990s with the aim of fostering competition. The incumbent Deutsche Telekom’s share of the broadband market was 41.6 percent in 2015, marking a slight decline as competition continued to increase. Other ISPs with significant market share included Vodafone with 18.4 percent, 1&1 with 14.1 percent, cable company Unitymedia at 10.1 percent, and O2-Telefónica with 6.9 percent.30 In early March 2016, the Federal Cartel Office approved the acquisition of 25.11 percent of cable company Tele Columbus by United Internet, the parent company of 1&1.31

There are currently three general carriers for mobile internet access: T-Mobile, Vodafone, and Telefónica Deutschland. After a merger between O2 and E-Plus Group in 2014, Telefónica Deutschland remained the market leader with a share of 38.4 percent in 2015. Deutsche Telekom followed with 35.4 percent, while Vodafone had a market share of 26.2 percent.32 Despite fears that the merger might lead to an increase in pricing of mobile services,33 the prices continued to decrease in 2015, though probably slower than they might have without the merger.34

Regulatory Bodies

Internet access, both broadband and mobile, is regulated by the Federal Network Agency for Electricity, Gas, Telecommunications, Post, and Railway (Bundesnetzagenturor BNetzA), which has operated under the supervision of the Federal Ministry of Transport since early 2014.35 The president and vice president of the agency are appointed for five-year terms by the German federal government, following recommendations from an advisory council consisting of 16 members from the German Bundestag and 16 representatives from the Bundesrat. The German Monopolies Commission and the European Commission (EC) have both criticized this highly political setting and the concentration of important regulatory decisions in the presidential chamber of the Federal Network Agency.36 Similarly, the Court of Justice of the European Union (CJEU) and the EC noted that the regulation of data protection and privacy by agencies under state supervision does not comply with the EU Data Protection Directive 95/46/EC.37

In addition to these institutional concerns, regulatory decisions by the BNetzA have been criticized for providing a competitive advantage to Deutsche Telekom, the former state-owned monopoly.38 These reservations most recently reemerged in November 2015 after the BNetzA presented a proposal to allow the Telekom to implement vectoring, a technology that is capable of boosting the bandwidth of DSL connections on pre-existing copper lines.39 However, in order to function as intended, it requires a single operator to remain in charge of the entire bundle of cables, which in turn means that unbundling and redistributing the connection becomes more difficult, effectively privileging the managing operator.40 Due to this, criticism of the decision has been ongoing and strong. After the federal monopoly commission (Monopolkommission) voiced its concerns in an advisory opinion in December 2015,41 the BNetzA advisory board demanded amendments in January 2016.42Telekom competitors even announced that they would consider a constitutional complaint before the Federal Constitutional Court against the decision.43 As a reaction to persistent criticism, in June 2016 the BNetzA withdrew its original proposal and presented a revised version that is supposed to accommodate the competition and regulators’ demands. However, the affected stakeholders maintained that the amendments made only minor changes to the situation.44 As a result, one competitor has started to prepare a lawsuit against Telekom before the administrative court in Cologne.45

Limits on Content: 

Access to online content in Germany is mostly free. Restrictions concerning content usually involve copyright issues or disputes concerning the remuneration of authors. Some further limitations that potentially affect freedom of expression and freedom of information stem from the ongoing enforcement of the ancillary copyright for press publishers and the EU Court of Justices’ decision on the “right to be forgotten” in May 2014.

Blocking and Filtering

Government imposed blocking of websites or internet content rarely occurs in Germany.46 There were no publicly known incidents carried out by state actors during this coverage period. YouTube, Facebook, Twitter and international blog-hosting services are freely available.

Content blocking or filtering practices enforced by private or corporate actors have been an issue for some time. The ongoing dispute between YouTube and GEMA (German Society for Musical Performance and Mechanical Reproduction)47 showcases how private entities substantially shape the availability of online content.48 Since 2009, Google and GEMA have been unable to reach an agreement on the amount Google should pay for a license for copyright-protected music videos disseminated on YouTube. GEMA considers it a copyright infringement if YouTube uses content whose rights ownership is administered by GEMA and the Google-owned video platform refuses to pay adequate compensation to copyright holders.49 As a result, YouTube blocks videos for users within Germany if the video might contain copyright-protected music, and instead displays an error message stating that the video is not available in Germany because GEMA might not have granted the publishing rights.50 Google has raised concerns about the undesired effect on freedom of expression.51 At the end of June 2015, two German courts – one in Hamburg, the other in Munich – decided that on the one hand, YouTube qualifies as a host provider, which means that it is in the privileged position of not being bound to pay damages if its users upload copyright-protected material.52 On the other hand, it is under the obligation to block illegal content once it has gained knowledge of its existence on the platform.53 The judgment has since been upheld in the second instance in January 2016,54 which was subsequently appealed. On November 1, YouTube and GEMA finally reached a licensing agreement and the videos in question will no longer be blocked.55

In November 2015, the Federal Court of Justice ruled that the blocking of websites may be ordered as a last resort if it is the only possibility for a copyright holder to effectively end the rights infringement on that website.56 That means that in such cases, after an assessment of all circumstances relevant to the case at hand, the owner of the copyright in question may demand the internet access provider to block the website in question. If the provider disagrees, a court would decide. The decision has been subject to criticism as such blocking is considered easy to circumvent and thus ineffective.57

German ISPs employ deep packet inspection (DPI) for the purposes of traffic management, as well as to throttle peer-to-peer traffic. Users are especially affected by peer-to-peer (P2P) related restrictions in the mobile market.58 Although Vodafone, for example, announced that for the time being the practice shall remain limited to mobile internet access, there is no ultimate confirmation that it will not be extended in the future.59

The protection of minors constitutes an important legal framework for the regulation of online content.60 Youth protection on the internet is principally addressed by states through the Interstate Treaty on the Protection of Human Dignity and the Protection of Minors in Broadcasting (JMStV), which bans content similar to that outlawed by the criminal code, such as the glorification of violence and sedition.61 A controversial provision of the JMStV reflecting the regulation of broadcasting media mandates that adult-only content on the internet, including adult pornography, must be made available in a way that verifies the age of the user.62 The JMStV enables the blocking of content if other actions against offenders fail and if such blocking is expected to be effective. The Federal Criminal Police Office (Bundeskriminalamt) has initiated the deletion of thousands of sites related to child pornography,63 reporting a considerable increase in discovered sites in 2014.64

Content Removal

Most of the content removal issues in Germany relate to the removal of results from search engine functions, rather than deletion of content. The autocomplete function of Google’s search engine has repeatedly been subject to scrutiny. In May 2013, the Federal Court of Justice ruled that Google could be held liable, at least under some circumstances, for the infringement of personal rights through its autocomplete function.65 In its subsequent decision concerning the same case, the Higher Regional Court in Cologne decided that Google’s liability amounted to the obligation to delete the respective automated search query combination and to refrain from repeating the tort, but not to pay further compensation.66
Since the CJEU decision on the “right to be forgotten” in May 2014,67 Google and other search engines are required to remove certain search queries from their index if they infringe on the privacy rights of a person and that person files a respective application with the search engine. As of March 10, 2016, Google had assessed more than 400,000 applications across the EU, with nearly 67,000 coming from Germany alone.68 In 48.4 percent of the German requests, Google decided to remove the link. The process follows the guidelines developed by an advisory group of experts set up by the company in 2014, which published its final report in February 2015.69 The guidelines aim to strike a balance between the right to be forgotten on the one hand, and freedom of expression and information on the other.70 In early March 2016, Google announced that it would delist links not only from its European domains such as google.de, google.fr, etc., but in the future resort to geo-blocking so that delisted links could not appear in Google search queries within the European Union even if someone used google.com instead of the national version of the search engine.71 This had been one of the most pressing demands by European data protection officers since the publication of the CJEU decision.72

There is no censorship prior to the publication of internet content. On the other hand, figures released by ICT companies indicate that post-publication content removal requests are issued with regard to defamation or illegal content. According to Google’s latest transparency report regarding requests to remove content covering the period from July to December 2015, the company received 199 requests from the German courts and other public authorities. Defamation remains by far the most common reason for court orders to remove content.73 Upon request from authorities, between July and December 2015, Facebook restricted access to 366 pieces of content that advocated right wing extremism and Holocaust denial, which are illegal under the German criminal code, up from 188 such removals between January and June 2015.74

Amidst the European “refugee crisis,” which saw the rise of anti-refugee extremism on social media, the German federal government as well as domestic media started urging Facebook to become more proactive in addressing hateful or offensive content on its platform.75 In October 2015, a Würzburg-based lawyer even filed a criminal complaint with the public prosecutor in Hamburg against Facebook’s managing director for Northern, Central, and Eastern Europe. By doing so, the lawyer aimed to hold the executive personally responsible for the social network’s alleged failure to curb or subdue hate speech on its platform.76 Although the prosecutor subsequently opened an official investigation against the manager, the charges against the Facebook manager were eventually dropped in March 2016 due to a lack of evidence for criminal responsibility.77

After initial hesitation, Facebook gradually became more willing to regulate its platform in accordance with German laws governing hate speech. In January 2016, the company set up a new team of employees in Berlin with the sole task of examining, and if necessary, deleting such comments or other content on the platform.78Despite some criticism coming from commentators abroad, especially in the United States where hate speech is not prohibited, many Germans seemed to welcome the heightened pressure on Facebook urging the company to change its practice towards hate speech.79

Platform operators can be held liable for illegal content under the Telemedia Act. The law distinguishes between full liability for owned content and limited “breach of duty of care” (Stoererhaftung) of access providers and host providers for third party content.80 Although access and host providers81 are not generally responsible for the content they transmit or temporarily auto store, there is a certain tension between the underlying principles of liability privilege and that of secondary liability.82Principally, ISPs are not required to proactively control or review the information of third parties on their servers; they become legally responsible as soon as they gain knowledge of violations or violate reasonable audit requirements.83

In 2012, court rulings limited the liability privilege of ISPs by further specifying requirements, responsibilities, and obligations. Additional blocking and filtering obligations of host providers have been put in more concrete terms by the Federal Court of Justice (Bundesgerichtshof, BGH) in the “Alone in the Dark” case.84 In this specific instance, the game publisher Atari sued the file hosting service Rapidshare for copyright violations concerning a video game. Although the judges did not hold Rapidshare liable for direct infringement, they saw a violation of the service’s monitoring obligations under the breach of duty of care as a result of Rapidshare’s failure to proactively control its service for copyrighted material after it was notified of one infringing copy.85

In a subsequent decision concerning Rapidshare in August 2013, the BGH substantiated and further extended host providers’ duties. According to the judgment, if the business model of a service aims to facilitate copyright infringements, the company is considered less worthy of protection with regard to liability privilege.86 As a consequence, host providers are required to monitor their own servers and search for copyright-protected content as soon as it has been notified of a possible violation.87 The Federal Ministry of Economy introduced a draft bill in March 2015 to revise the law on the breach of a duty of care. It explicitly provided for a preclusion of liability privilege for providers with such business models.88

A special requirement to review the content for any rights violations was also ruled in a case where a blogger integrated a YouTube video onto his website.89 However, in October 2014, the CJEU ruled that embedding content from other sources by means of framing is not a copyright infringement.90 In July 2015, the Federal Court of Justice clarified that embedding is legal, as long as the source itself is legal – which at least in theory means that publishers are under the legal obligation to research whether the content they intend to embed was uploaded without a violation of copyright.91

An important exception to the liability privilege concerns wireless networks.92 Because of a highly disputed ruling against the existing liability privilege by the Federal High Court in 2010, legislative initiatives from states and political parties have sought to modify the secondary liability of local Wi-Fi operators. The governing coalition agreed to press ahead with new legislation that aims to encourage the expansion of publicly accessible Wi-Fi networks by creating legal certainty for operators.93However, experts and the European Commission criticized the latest bill aiming to revise the current rules on liability, introduced in December 2015, for establishing high obstacles for providers of freely accessible Wi-Fi networks.94 For example, the proposed requirement for users of such networks to declare that they will not violate the law while being online was considered problematic from both a legal and a technical standpoint.95

In addition to these legislative proposals, in September 2014 a Munich court asked the CJEU for a preliminary ruling on the question of the applicability of the liability privilege for a provider of an openly accessible Wi-Fi network.96 In September 2016, the CJEU decided that although providers are usually not responsible for violations committed by the users of a free network, they are obliged to secure free networks with a password.97 The ruling was largely in line with prior German jurisprudence, and most commentators did not consider it an improvement for providers of openly accessible networks.98

Media, Diversity, and Content Manipulation

Germany is home to a vibrant internet community and blogosphere; however, there are some issues regarding the enforcement of ancillary copyright regulations, which may contribute to distorting search results for news outlets attempting to monetize their content.

To date, self-censorship online has not been a significant or well-documented issue in Germany. Still, there are more or less unspoken rules reflected in the publishing principles of the German press.99 The penal code and the JMStV prohibit content such as child pornography, racial hatred, and the glorification of violence in a well-defined manner. However, the OSCE strongly criticized the criminal investigation into the online media outlet Netzpolitik in July 2015, with regard to their reports on the activities of the German intelligence agencies, for its potential chilling effect on investigative reporting (see Violations of User Rights).100

Local and international media outlets and news sources are accessible and represent a diverse range of opinions. However, ancillary copyright for press publishers (Leistungsschutzrecht für Presseverleger), in force since 2013, allows publishers to monetize even the small snippets of information that search engine operators display as part of the results of a query.101 This raised concerns regarding the constitutionally protected rights to freedom of expression and freedom of information.102 In reaction to the law’s enactment, search engines such as Google began excluding search results leading to the websites of publishers that monetized their search links, or displayed links without the corresponding snippets to limit monetization.103 In response, the publishers’ collecting society VG Media lodged complaints and antitrust proceedings against Google. Most recently in September 2015, the Federal Cartel Office decided that Google’s practice was not in violation of antitrust laws.104 Later in November 2015, arbitration proceedings between Google and VG Media failed, as the search engine regarded VG Media’s demand to receive 6 percent of Google’s aggregate turnover as license fees as inappropriate.105 In response, VG Media filed a new lawsuit against Google in January 2016.106

Meanwhile, Germany’s Telecoms Act authorizes the federal government to issue an executive order to protect the principle of net neutrality.107 In November 2015, with the votes from the ruling coalition of Christian and Social Democrats, the German federal parliament rejected a legislative proposal by the Greens party to domestically safeguard net neutrality. Representatives of the majority referred to the EU regulation adopted in October 2015, deeming it a viable compromise.108 Though formally endorsing the principle of net neutrality, the European regulation on net neutrality prompted concern that certain services may still be privileged within the networks, as experts deemed that the text would make it easy to introduce a first-class and second-class internet.109 However, the final version of the “Guidelines on the Implementation by National Regulators of European Net Neutrality Rules,” published by the Body of European Regulators for Electronic Communications (BEREC) at the end of August of 2016,110 provide further safeguards for the principle of net neutrality, closing many of the loopholes for “specialized services.”111 The national legislator ought to follow the now clarified European standards concerning net neutrality.

Digital Activism

Several civil society initiatives have used the internet to conduct advocacy campaigns on political and social issues in Germany. In the summer of 2015, after the Federal Prosecutor General launched formal preliminary criminal proceedings against the journalists of Netzpolitik.org (see Prosecutions), thousands of Twitter users protested against the decision by using the hashtag #landesverrat (“treason”).112

When xenophobic and racist comments spread online after the incidents of sexualized violence and robbery on New Year’s Eve 2015 in the city of Cologne, several prominent German feminist activists (the same who, three years ago, had initiated the famous #aufschrei campaign against sexism) launched an online campaign to tackle both racism and sexualized violence, using the Twitter hashtag #ausnahmslos.113 Several German and international politicians and activists endorsed the campaign and helped spread the hashtag, including the Federal Minister of Justice Heiko Maas.114 Among other issues, the activists made calls to reform the German law governing sexual offenses.115

Separately, in January 2016 the non-governmental organization Digitale Gesellschaft started an online video campaign against the proposed introduction of the mandatory retention of passenger name records within the European Union.116

Violations of User Rights: 

The scandal triggered by Edward Snowden’s 2013 revelations concerning the activity of the NSA and German intelligence services remained inadequately assessed despite an ongoing parliamentary inquiry. Most significantly, a new data retention law was criticized for its extensive intrusion into private telecommunications data. The reintroduction of spy software for law enforcement authorities also raised concerns. The criminal investigation against two journalists for publishing articles containing classified state information drew widespread public criticism.

Legal Environment

German Basic Law guarantees freedom of expression and freedom of the media (Article 5) as well as the privacy of letters, posts, and telecommunications (Article 10). These articles generally safeguard offline as well as online communication. A groundbreaking 2008 ruling by the Federal Constitutional Court established a new fundamental right warranting the “confidentiality and integrity of information technology systems” grounded in the general right of personality guaranteed by Article 2 of the Basic Law.117

Online journalists are largely granted the same rights and protections as journalists in the print or broadcast media. Although the functional boundary between journalists and bloggers is starting to blur, the German Federation of Journalists maintains professional boundaries by issuing press cards only to full-time journalists.118 Similarly, the German Code of Criminal Procedure grants the right to refuse testimony solely to individuals who have “professionally” participated in the production or dissemination of journalistic materials.119

Legislation to transform the Office of the Federal Commissioner for Data Protection and Freedom of Information from a subdivision of the Federal Ministry of the Interior to an independent supreme federal authority came into force on January 1, 2016. It is expected to significantly strengthen the Commissioner’s powers in relation to data protection in Germany.120 Aside from the change of constitutional status, the authority will in the future also administer a significantly higher budget and a larger staff.121

Prosecutions and Detentions for Online Activities

In July 2015, the then-Federal Prosecutor General Harald Range instituted preliminary criminal proceedings against two online journalists, Markus Beckedahl and Andre Meister of Netzpolitik.org, for charges of treason after the site had published classified documents while reporting on activities of the Federal Office for the Protection of the Constitution. Initiated by Hans-Georg Maaßen, president of the Federal Office,122 the probe quickly sparked public outrage, chiefly among journalists but also within the ranks of senior politicians of both the federal parliament and the government. Legally, the case hinged on whether the leaked documents would in fact qualify as state secrets. Following an official instruction from the Federal Ministry of Justice, the investigations were halted on August 4, 2015, followed by a request from Justice Minister Heiko Maas to temporarily suspend Prosecutor General Range in an effort to calm rising criticism of the government. On August 10, it was determined that no state secrets had been leaked, and the criminal investigation came to an ultimate halt, though the incident continued to cause ripples over the following months.123 Meanwhile, the incriminated journalists declared that they had reason to believe that they had been under surveillance by the Federal Criminal Police Office during the investigations.124

In another case that sparked a wider debate over freedom of speech in Germany in April 2016, Chancellor Merkel announced the decision to allow criminal proceedings against German satirist Jan Boehmermann.125 Turkey’s President Recep Tayyip Erdogan had filed a criminal complaint against the comic for a provocative poem mocking him, under an obscure German law that penalizes insults against foreign heads of state.126 First aired on ZDF Television‘s Neo Magazin Royale show, ZDF also decided to remove the video clip from its official online channels, arguing that the poem did not meet the standards expected of its satire shows.127 Prosecutors finally dropped the case against Boehmermann in October 2016 due to insufficient evidence.128

The German Criminal Code (StGB) includes a provision on “incitement to hatred” (§ 130 StGB), which penalizes calls for violent measures against minority groups and assaults on human dignity.129 The German people mostly regard this provision as legitimate, particularly because it is generally applied in the context of holocaust denials.130 In the context of the ongoing refugee crisis, there has been a surge of criminal investigations invoking this provision, most of the time due to hate speech against asylum seekers on social media platforms such as Facebook. As a result, there have been considerably more convictions for incitement to hatred than usual.131

Surveillance, Privacy, and Anonymity

Following the classified documents leaked by former NSA contractor Edward Snowden in 2013, the activities of the NSA, the British government’s intelligence organization GCHQ, and the German intelligence service continued to stir debates during this coverage period. New legislation concerning data retention and reforms of the German intelligence service raised fresh concerns regarding the rights to privacy and freedom of expression.

The parliamentary commission of inquiry continued efforts to investigate and analyze the foreign intelligence agencies’ activities on German territory as well as the involvement or complicity of German government or intelligence agencies. In July 2015, the federal government, following the parliamentary commission’s proposal, appointed former federal judge Kurt Graulich as a special investigator to examine and assess the NSA’s top-secret target lists for surveillance.132 Graulich’s final report in October 2015 made serious allegations against the American intelligence agency. For instance, the judge found that the NSA had surveilled European government institutions, despite a contractual agreement between the agency and the Federal Intelligence Agency (Bundesnachrichtendienst, BND) explicitly restricting the practice. The report also found that European businesses, such as the Airbus armaments subsidiary EADS, were on the target list. At the same time, due to the alleged breach of contract, the BND was largely exonerated by the report.133

Opposition parties in the commission criticized Graulich’s assessment, accusing the federal government of bias in investigating its own behavior, and demanded that the target list be handed to the commission itself.134 A few days later, it was revealed that Graulich had copied internal reports by the BND to write his own report, which further undermined his asserted independence. Representatives of the Greens party alleged that the investigator’s true role was to whitewash the federal government’s conduct in the course of the affair.135 In the aftermath of the scandal, the federal government vowed to introduce new legislation with the express purpose of controlling the BND’s activities more tightly in the future. However, a draft bill approved by the cabinet in June 2016 has raised further criticism for attempting to legalize controversial surveillance practices rather than curtailing them.136

In early July 2015, revelations showed that the NSA had spied on German journalists in 2011. While the federal government had gained knowledge of the activity, it had apparently failed to investigate the case or attempt to stop the American intelligence agency. Moreover, it had not reported the activity to the federal parliament’s control committee for intelligence. As a result, the affected news magazine filed a charge to the federal prosecutor’s office.137

In February 2016, reports revealed that Federal Bureau of Criminal Investigation (BKA) had finished developing a new version of its own spyware (the so-calledBundestrojaner, “federal Trojan horse”) that would be ready before mid-2016 to spy on the communications of suspected criminals. In accordance with a 2008 ruling of the Federal Constitutional Court, the software would not be capable of sifting through whole computer systems or hard drives. However, experts raised serious doubts concerning its purported capacity, as there is no significant technical difference between the two modes of operation.138

Furthermore, the use of so-called silent SMS or stealth pings by the BKA has vastly increased. The technology is used to monitor a target person’s movements, without the target’s notice. In the second half of 2015, the BKA sent 116,948 of those invisible text messages, compared to only 22,357 in the first half of last year. Both the federal police and the Federal Office for the Protection of the Constitution also resorted to the use of silent SMS, in 41,671 and 45,376 instances, respectively. Despite judicial oversight, the practice has drawn criticism, in particular from the party Die Linke.139

Telecommunications interception by state authorities for criminal prosecutions is regulated by the code of criminal procedure (StPO) and may only be employed for the prosecution of serious crimes for which specific evidence exists and when other, less-intrusive investigative methods are likely to fail. According to recent statistics published by the Federal Office of Justice, there were a total of 22,590 orders for telecommunications interceptions in 2015, compared to 23,382 in 2014, of which 7,431 concerned internet communications, compared to only 5,485 in the year before.140 There were also a total of 27,164 orders requesting internet traffic data in 2015, compared to 22,701 in 2014.141

Surveillance measures conducted by the secret services under the Act for Limiting the Secrecy of Letters, the Post, and Telecommunications exceed these figures. In 2014, the competent Parliamentary Control Panel reported that a total of 25,209 telecommunications – most of them email – were scanned, of which only 82 were considered relevant.142 The panel highlighted the steady and significant decline in surveillance measures, the number of which had been above 2.8 million in 2011, and 851,691 in 2012. The email contents were scanned for keywords relating to certain “areas of risk,” namely international terrorism, proliferation of arms and other military technology, and human smuggling.143

Excessive interceptions by secret services formed the basis of a 2008 Federal Constitutional Court ruling, which established a new fundamental right warranting the “confidentiality and integrity of information technology systems.” The court held that preventive covert online searches are only permitted “if factual indications exist of a concrete danger” that threatens “the life, limb, and freedom of the individual” or “the basis or continued existence of the state or the basis of human existence.”144Based on this ruling, the Federal Parliament passed an act in 2009 authorizing the Federal Bureau of Criminal Investigation (BKA) to conduct covert online searches to prevent terrorist attacks with a warrant.145 In addition to online searches, the act authorizes the BKA to employ methods of covert data collection, including dragnet investigations, surveillance of private residences, and the installation of a program on a suspect’s computer that intercepts communications at their source. The anti-terror legislation first passed after the September 11 terrorist attacks, and that inter alia obliges banks or telecommunications operators to disclose customer information to the authorities, was once again extended in November 2015 through 2021.146

The amended telecommunication act of 2013 reregulates the “stored data inquiry” requirements (Bestandsdatenauskunft).147 Under the new provision, approximately 250 registered public agencies, among them the police and customs authorities, are authorized to request from ISPs both contractual user data and sensitive data. While the 2004 law restricted the disclosure of sensitive user data to criminal offenses, the amended act extends it to cases of misdemeanors or administrative offenses. Additionally, whereas the disclosure of sensitive data and dynamic IP addresses normally requires an order by the competent court, contractual user data (such as the user’s name, address, telephone number, and date of birth) can be obtained through automated processes. The requirement of judicial review has been subject to two empirical studies, both of which found that in the majority of cases a review by a judge does not take place.148 Data protection experts criticize the lower threshold for intrusions of citizens’ privacy as disproportionate.

Despite the CJEU 2014 decision to declare the EU Data Retention Directive unconstitutional,149 the federal parliament enacted a law concerning the reintroduction of data retention with the votes of the governing coalition in October 2015.150 Both the opposition and data protection officials had fiercely opposed the legislative proposal, maintaining that the law contradicts civil laws and violates the guidelines established by the CJEU. Under the new law, different sets of data have to be stored on servers located within Germany for ten weeks, while providers have to retain the numbers, and the date and time of phone calls and text messages, and internet providers are required to retain IP addresses of all internet users, as well as the date and time of connections. The location data of mobile phone connections must be saved for four weeks. The requirements exclude sites accessed, email traffic metadata, and the content of communications. Though solely aimed at assisting law enforcement agencies, in January 2016 leading representatives of the governing Christian Democratic Union demanded an extension of the law so that domestic intelligence agencies could also access the data.151 In reaction to the controversial legislation, so far no less than four constitutional complaints have been filed against the law. Among other issues, the complainants claim that, contrary to the CJEU guidelines, which only allow for the retention of data of suspects, the law would enable indiscriminate mass retention of data.152

User anonymity is compromised by SIM cards registration requirements under the telecommunication act of 2004, which requires the purchaser’s full name, address, international mobile subscriber identity (IMSI), and international mobile station equipment identity (IMEI) numbers, if applicable.153 Nonetheless, the principle anonymity on the internet is largely upheld as a basic right, despite disapprovals from the Federal Minister of the Interior and some other members of the conservative parties.154 A decision by the Federal Court of Justice further strengthened this right, confirming that an online review portal is under no obligation to disclose the data of an anonymous user. In the preceding judgment, the Higher Regional Court in Stuttgart had ruled to the contrary.155 Website owners and bloggers are not required to register with the government. However, most websites and blogs need to have an imprint naming the person in charge and contact address. The anonymous use of email services, online platforms, and wireless internet access points are legal. In January 2016 however, reports noted how the Federal Criminal Police Office continued to lobby against encryption technologies at the European level.156

Intimidation and Violence

There have been no known cases of direct intimidation or violence against online journalists or other ICT users during the coverage period.

Technical Attacks

Human rights activists and nongovernmental organizations are rarely victims of cyberattacks or other forms of technical violence. However, cyberattacks have become an increasingly significant problem for industry in Germany. According to a survey conducted by the Federal Office for Information Security (BSI), 58.5 percent of German businesses and public institutions were affected either by a successful or unsuccessful cyberattack in the past two years. This represents a slight increase compared to the previous year, when the number was at 56.4 percent.157 In the summer of 2015, hackers attacked the federal parliament’s network and left it entirely crippled.158 The whole network went offline for four days until the servers were renewed.159

To strengthen its response capabilities to cyberattacks, the federal parliament enacted an IT security law in June 2015 obliging telecommunication firms and critical infrastructure operators to report security breaches to the BSI. However, the new law has been subject to criticism for being largely ineffective and overly intrusive concerning the storage of traffic data to determine the source of possible cyberattacks.160

Notes: 

1 Statistisches Bundesamt, 2015, http://bit.ly/1nZmCyY.

2 Eurostat, “Broadband and Connectivity – Households,” April 7, 2016, http://bit.ly/1rCjmu7.

3 International Telecommunication Union, “Percentage of Individuals Using the Internet 2000-2015,” accessed October 8, 2016, http://bit.ly/1cblxxY.

4 Initiative D21, Digital Index 2015, p. 13, http://bit.ly/1OTRejg.

5 Bundesnetzagentur, Jahresbericht [Annual report 2015], p. 50, May 1, 2016, http://bit.ly/1RWbKe7.

6 Stefan Krempl, “Bundesregierung beschließt Förderprogramm zum Breitbandausbau” [Federal government decides on development plan for broadband internet], heise.de, October 21, 2015, http://bit.ly/2dAnElb.

7 Akamai, State of the Internet, 2015 Q4 Report, http://akamai.me/2b5MgzU.

8 Thomas Heuzeroth, “Industrie investiert Milliarden in Breitbandausbau” [Industry invests billions in broadband development], welt.de, October 7, 2014, http://bit.ly/1P81UbX.

9 Stefan Krempl, “Bundesregierung beschließt Förderprogramm zum Breitbandausbau” [Federal government decides on development plan for broadband internet], heise.de, October 21, 2015, http://bit.ly/2dAnElb.

10“Bundesregierung vergibt erste Fördergelder für Breitbandausbau” [Federal government awards first subsidies for broadband development], Heise.de, December 14, 2015, http://bit.ly/2d3zU9J.

11 Christine Schultze, “Viele Firmen kämpfen auch 2016 mit Breitband-Lücken” [Many businesses continue to struggle with broadband gaps in 2016], heise.de, January 2, 2016, http://bit.ly/2dARdTG.

12 Bundesnetzagentur, Jahresbericht [Annual Report 2015], p. 58, May 1, 2016, http://bit.ly/1RWbKe7.

13 Bundesnetzagentur, Jahresbericht [Annual Report 2015], p. 58, May 1, 2016, http://bit.ly/1RWbKe7.

14 Bundesnetzagentur, Jahresbericht [Annual Report 2015], p. 58, May 1, 2016, http://bit.ly/1RWbKe7.

15 Bundesministerium für Wirtschaft und Technologie [Federal Ministry of Economics and Technology], “Monitoring-Report Wirtschaft DIGITAL 2015”, December 2015, p. 61, http://bit.ly/29vsISD.

16 Timm Lutter, “Umsatz mit Smartphones knackt 10-Milliarden-Marke” [Smart phone revenue reaches 10 billion mark], bitkom.org, February 16, 2016, http://bit.ly/1TlHVZj.

17 Bundesnetzagentur, Jahresbericht [Annual Report 2015], p. 60, May 1, 2016, http://bit.ly/1RWbKe7.

18 Statistisches Bundesamt, “IT-Nutzung nach Geschlecht 2015” [IT usage according to gender 2015], http://bit.ly/29vsISD.

19 Statistisches Bundesamt, “IT-Nutzung nach Alter 2015” [IT usage according to age 2015], http://bit.ly/1E0tpKO.

20 Initiative D21, Digital Index 2015, p. 59, http://bit.ly/2dObZQn.

21 Initiative D21, Digital Index 2015, p. 59, http://bit.ly/2dObZQn.

22 Initiative D21, Digital Index 2015, p. 56, http://bit.ly/2dObZQn.

23 Initiative D21, Digital Index 2015, p. 56, http://bit.ly/2dObZQn.

24 Statistisches Bundesamt, “Statistisches Jahrbuch. Deutschland und Internationales” [Statistical Yearbook], 2014, p. 400, http://bit.ly/1jCRrJu.

25 Destatis.de, “Einkommen, Einnahmen & Ausgaben” [Income, revenue & expenses], http://bit.ly/1pCNNhi.

26 Bundesgerichtshof [Federal Court of Justice], “Bundesgerichtshof erkennt Schadensersatz für den Ausfall eines Internetanschlusses zu” [Court awards damages for internet failures], press release 14/13, January 24, 2013, http://bit.ly/1FLvz98. Hartz IV standard rate is € 391, see: http://bit.ly/2d3yFYtl; € 2.28 of that sum are for Internet access, See: Deutscher Bundestag [German Bundestag], Drucksache 17/3404, p. 60,http://bit.ly/1LnUX6U.

27 Björn Brodersen/Alexander Kuch, “Backbones – die starken Hintergrundnetze des Internets” [Backbones – the strong background networks of the internet], teltarif.de, http://www.teltarif.de/internet/backbone.html.

28 “Deutsche Telekom,” Wikipedia, accessed October 8, 2016, https://en.wikipedia.org/wiki/Deutsche_Telekom.

30 DSLWEB, “Breitband Report Deutschland Q3 2015” [Broadband Report Germany], December 10, 2015, http://bit.ly/2dnx28E.

31 Jörn Krieger, “Bundeskartellamt gibt grünes Licht” [Federal Cartel Office gives the go-ahead], TV Digital, March 9, 2016, http://bit.ly/2cZQs7D.

32 Statista, “Marktanteile der einzelnen Netzbetreiber an den Mobilfunkanschlüssen in Deutschland von 1998 bis 2015” [Market share of mobile operators in Germany 1998-2015], accessed October 8, 2016,http://bit.ly/2dBWHzR.

33 Bundesministerium für Wirtschaft und Technologie [Federal Ministry of Eceonomics and Technology], “Monitoring-Report Digitale Wirtschaft 2014,” December 2014, p. 36, http://bit.ly/1uu9bEL.

34 “Was Handy- und Internetkunden 2016 erwartet” [What mobile and internet costumers may expect in 2016], Welt.de, December 24, 2015, http://bit.ly/2dbMuY4.

35 Markus Beckedahl, “Verkehrsministerium gewinnt Fachaufsicht über Bundesnetzagentur” [Ministry of Transport gains supervision over Federal Network Agency], Netzpolitik.org, February 14, 2014,http://bit.ly/1jDT9KQ.

36 Monopolkommission [Monopolies Commission], “Telekommunikation 2009: Klaren Wettbewerbskurs halten” [Telecommunication 2009: stay on target in competition], Sondergutachten 56, 2009, p. 75,http://bit.ly/2dBXDUY; European Commission, “Progress Report on the Single European Electronic Communications Market (15th Report)”, COM(2010) 253, p. 196, http://bit.ly/1Od2qpT.

37 European Commission, “Data Protection: European Commission requests Germany to ensure independence of data supervisory authority,” Press Release, Brussels, April 6, 2011, http://bit.ly/2cZPo3n.

38 European Commission, Progress Report, p. 196. Since the Federal Republic still exercises its rights as a shareholder of Deutsche Telekom (circa 38 percent) through another public law entity, commentators see a potential conflict of interest. See: Christian Schmidt, “Von der RegTP zur Bundesnetzagentur. Der organisationsrechtliche Rahmen der neuen Regulierungsbehörde” [From RegTP to Federal Network Agency. The organizational framework of the new regulator], Die Öffentliche Verwaltung 58 (24), 2005, p. 1028.

39 Tomas Rudl, “Breitbandausbau: Telekom-Vectoring kommt näher“ [Broadband development: Telekom vectoring approaches], Netzpolitik.org, November 23, 2015, http://bit.ly/2dOcz0t.

40 Richard Sietmann, “Fiber to the Neverland. Die Telekom forciert VDSL-Vectoring statt Glasfaser” [Fiber to the Neverland. DT pushes VDSL-Vectoring instead of Fiber], c't 10/2013, April 29, 2013, pp. 18-21,http://heise.de/-1847272.

41 Volker Briegleb, “VDSL-Turbo Vectoring: Monopolkommission warnt vor ’Technologiemonopol der Telekom‘” [VDSL turbo vectoring: monopoly commission warns against ’technology monopoly of the Telekom’], heise.de, December 7, 2015, http://bit.ly/2eeTyog.

42 Tomas Rudl, “Vectoring: Beirat der Bundesnetzagentur fordert Nachbesserungen” [Vectoring: advisory board of Bundesnetzagentur demands amendments], Netzpolitik.org, January 26, 2016, http://bit.ly/2dD05a2.

43 Volker Briegleb, “VDSL-Vectoring: Telekom-Konkurrenten erwägen Verfassungsklage” [VDSL vectoring: competitors of Telekom consider entertain constitutional complaint], heise.de, January 20, 2016,http://bit.ly/2cZQM6p.

44 Volker Briegleb, “DSL-Turbo Vectoring: Regulierer legt geänderten Entwurf vor” [DSL turbo vectoring: regulator presents amended draft], heise.de, June 21, 2016, http://bit.ly/2dnxKDb.

45 Volker Briegleb, “VDSL-Turbo Vectoring: Schwarzer Supertag für Breitband-Deutschland” [VDSL turbo vectoring: black super day for broadband Germany], heise.de, September 2, 2016, http://bit.ly/2fAiwPv.

46 Due to substantial criticism by activists and NGOs that provoked an intense political debate, the 2010 law on blocking websites containing child pornography, the Access Impediment law (Zugangserschwerungsgesetz), never came into effect and was finally repealed by the German parliament in December 2011.

47 Collecting societies are private organizations at the national level in Germany authorized by the Copyright Administration Act (Urheberrechtwahrnehmungsgesetz). Although they act under the supervision of the German Patent and Trademark Office (DPMA), they belong to the private sector. With the foundation of the collecting society C3S, provided the DPMA grants permission, GEMA’s national monopoly could soon come to an end. See: Jens Uthoff, “Neue Wege im Paragraphendschungel” [New paths through the regulation jungle], taz.de, April 9, 2014, http://www.taz.de/!136441/.

48 Compared to 0.9 per cent in the United States and ca. 1 per cent in Austria and Switzerland. See: “Diese Kultur ist in Deutschland leider nicht verfügbar” [This culture is not available in Germany], sueddeutsche.de, January 28, 2013, http://sz.de/1.1584813.

49 GEMA, “GEMA and YouTube,” accessed April 23, 2014, http://bit.ly/2eyz5wd.

50 GEMA demands 0.375 cents per retrieval.

51 In particular, Google argues that because the GEMA does not provide a list on the complete repertoire they licensed, most music videos have been blocked in order to avoid financial risks.

52 “YouTube erzielt Etappensieg gegen die Gema” [YouTube with stage victory against Gema], Zeit Online, June 30, 2015, http://bit.ly/2dK3eEE.

53 Mirjam Hauck, “Kein Ende in Sicht” [No end in sight], Sueddeutsche.de, July 1, 2015, http://bit.ly/2dObaH9.

54“Gema verliert erneut vor Gericht gegen YouTube” [Gema loses another lawsuit against YouTube], Welt.de, January 29, 2016, http://bit.ly/2dbKLSz.

55 This development occurred outside the period of coverage of this report. See: Tim Ingham, “YouTube strikes deal with GEMA to host music videos in Germany,” Music Business Worldwide, November 1, 2016,http://bit.ly/2e8Hv7t.

56 Constanze Kurz, “BGH-Entscheidung zu Netzsperren: Die nichtsnutzige digitale Sichtschutzpappe ist zurück” [Federal Court of Justice decision on blocking of websites: the useless digital screen wall is back], Netzpolitik.org, November 26, 2015, http://bit.ly/2d3wCmY.

57 Constanze Kurz, “BGH-Entscheidung zu Netzsperren: Die nichtsnutzige digitale Sichtschutzpappe ist zurück” [Federal Court of Justice decision on blocking of websites: the useless digital screen wall is back], Netzpolitik.org, November 26, 2015, http://bit.ly/2d3wCmY.

58 BEREC, “A view of traffic management and other practices resulting in restrictions to the open Internet in Europe. Findings from BEREC’s and the European Commission’s joint investigation,” May 29, 2012, http://bit.ly/1MOMMhj.

59 Andre Meister, “Waschmaschine im Netz: Wie Telekom und Vodafone Deep Packet Inspection als Feature verkaufen” [Laundry machine on the net: How Telekom and Vodafone sell deep packet inspection as a feature], netzpolitik.org, August 1, 2014, http://bit.ly/1Od6TZN.

60 The legal framework regulating media protection of minors in particular consists of the Law for the protection of children and youth (“Jugendschutzgesetz”, JuSchG) of the federal government and the Interstate Treaty on the Protection of Minors in the Media (short “Jugendmedienschutzstaatsvertrag”, JMStV).

61 Cf. the respective §§ 130, 131 StGB [Crimical Code]. For English translation, see: http://bit.ly/1rT41ps.

62 Cf. the respective § 5, Abs. 3 JMStV.

63 “BKA ließ 2012 tausende Internetseiten löschen,” [BKA had thousands of websites deleted in 2012], Handelsblatt.com, February 26, 2014, http://bit.ly/1MON7R2.

64 Stefan Krempl, “Löschen statt Sperren: BKA hat im Inland mehr mit Kinderpornografie zu tun“ [Erasing instead of blocking: BKA has to deal with more domestic child pornography], heise.de, September 2, 2015,http://bit.ly/2dnwRdG.

65 BGH [Federal Supreme Court], judgment of May 14, 2013, Az. VI ZR 269/12; Jürgen Kuri/Martin Holland, “BGH zu Autocomplete: Google muss in Suchvorschläge eingreifen” [BGH on autocomplete], May 14, 2013http://heise.de/-1862062.

66 Beck Aktuell, “OLG Köln: Klage gegen Google auf Unterlassugn bestimmter Suchwortkombinationen erfolgreich” [Higher Regional Court Cologne: Injunction suit against Google concerning certain search query combinations successful], April 8, 2014, http://bit.ly/2dnwPSY; Adrian Schneider, “OLG Köln: Die Autocomplete-Entscheidung im Detail” [Higher Regional Court Cologne: the autocomplete decision in detail], Telemedicus, April 11, 2014, http://bit.ly/1iRT59G.

67 ECJ, Google Spain and Google, 13 May 2014, http://bit.ly/1MKoqFS.

68 Google Transparency Report, European privacy requests for search removals, http://bit.ly/1nhgHFN.

69 Google Advisory Council, http://bit.ly/1j5L0Pd.

70 Eco.de, “Ein Jahr Recht auf Vergessenwerden: Löschen von Suchergebnissen beeinträchtigt die Zivilgesellschaft” [One year right to be forgotten: Removal of search results impairs civil society], May 13, 2015,http://bit.ly/1N9DnDW.

71 Peter Fleischer, “Adapting our approach to the European right to be forgotten, ” Google Europe Blog, March 4, 2016, http://bit.ly/2e0CnUG.

72 Friedhelm Greis, “Recht auf Vergessen soll weltweit gelten” [Right to be forgotten shall be applicable globally], Golem.de, November 26, 2014, http://bit.ly/1vQfwkF.

73 Google complied fully or partially with 68 percent of the requests that included a court order, and 66 percent of requests from government agencies or law enforcement. Google, “Google Transparency Report, Germany: July to December 2015,” http://bit.ly/2dnbSrg.

74 Facebook, “Government Requests Report: July 2015 – December 2015,” http://bit.ly/2dVeZXy.

75 Eike Kühl, “Weniger Toleranz? Ja bitte.“ [Less tolerance? Yes please.], Zeit Online, November 25, 2015, http://bit.ly/2dK1qvp.

76 Ben Crair, “How Germany Is Dealing With Its Facebook Hate-Speech Problem”, nymag.com, November 22, 2015, http://slct.al/2dAPVb7.

77 Geoffrey Smith, “Germany Drops Its Hate Speech Probe Into Facebook Managers”, fortune.com, March 17, 2016, http://for.tn/2cZPtnL.

78 Fabian Reinbold and Marcel Rosenbach, “Hetze im Netz: Facebook löscht Kommentare jetzt von Berlin aus” [Incitement on the net: Facebook now deletes comments from Berlin], Spiegel Online, January 15, 2016,http://bit.ly/200TbdO.

79 Fabian Reinbold, “Flüchtlingshetze im Netz: Warum Facebook den Hass nicht löscht” [Anti-refugee incitement online: why Facebook does not delete the hate], Spiegel Online, September 7, 2015,http://bit.ly/1JPbxGR.

80 In particular: Part 3, §§ 7-10 TMG: liability for own content (§ 7, Abs. 1 TMG); limited liability for access providers (§§ 8, 9 TMG) and host providers (§ 10 TMG).

81 The BGH in particular has developed the principles of limited liability of host providers: BGH [Federal Court of Justice], judgment of October 25, 2011, Az. VI ZR 93/10.

82 Liability privilege means that information intermediaries on the internet such as ISPs are not responsible for the content their customers transmit. Secondary or indirect liability applies when intermediaries contribute to or facilitate wrongdoings of their customers.

83 BGH [Federal Court of Justice], judgment of March 27, 2012, Az. VI ZR 144/11, http://openjur.de/u/405723.html.

84 BGH [Federal Court of Justice], judgment of July 12, 2012, Az. I ZR 18/11, http://openjur.de/u/555292.html.

85 Timothy B. Lee, “Top German court says RapidShare must monitor link sites for piracy,” Ars Technica, July 16, 2012, http://bit.ly/2dK2bVb.

86 BGH [Federal Court of Justice], judgment of 15 August, 2013, Az. I ZR 80/12, http://bit.ly/1MOQasE .

87 Thomas Stadler, “BGH erweitert Prüfpflichten von Filehostern wie Rapidshare” [Federal Court of Justice extends monitoring duties for host providers such as Rapidshare], Internet-Law, September 4, 2013,http://bit.ly/1N9EWSv.

88 Federal Ministry of the Economy, “Entwurf eines Zweiten Gesetzes zur Änderung des Telemediengesetzes (Zweites Telemedienänderungsgesetz)” [Draft bill of a second act to revise the Telemedia Act], March 11, 2015, http://bit.ly/1C9Em24,

89 LG Hamburg [Regional Court Hamburg], judgement of May 18, 2012, Az. 324 O 596/11, http://openjur.de/u/404386.html.

90 CJEU, Case of BestWater International GmbH v Michael Mebes and Stefan Potsch, C-348/13, October 21, 2014, http://bit.ly/2dnq4k9.

91 Andreas Biesterfeld-Kuhn, “Die zweite Realität der Bundesrichter” [The federal judges’ second reality], Legal Tribune Online, July 10, 2015, http://bit.ly/1Tzuq75.

92 In 2010, the German Federal High Court sentenced the private owner of a wireless router on the grounds that his or her open network allowed illegal activities. cf. Christopher Burgess, “Three Good Reasons to Lock Down Your Wireless Network,” The Huffington Post (blog), June 8, 2010, http://huff.to/1LYHK3k.

93 Coalition Agreement, p. 35.

94 Volker Tripp, “Anhörung zum Telemediengesetz: Wie geht es weiter mit offenem WLAN und Host-Providerhaftung?” [Hearing on telemedia act: what’s next for open wireless networks and host provider liability?], Digitale Gesellschaft, December 16, 2015, http://bit.ly/2dCRT9R.

95 Volker Tripp, “WLAN-Störerhaftung: Die Rechtstreueerklärung muss weg” [Wireless network liability: declaration to abide the law needs to go], Digitale Gesellschaft, January 26, 2016, http://bit.ly/2dbCRZi; See also: Markus Beckedahl, “Trotz Störerhaftungs-Desaster: Dobrindt redet WLAN-Reform schön” [Despite debacle concerning breach of duty of care: Dobrindt sugarcoats Wi-Fi reform], Netzpolitik.org, February 1, 2016,http://bit.ly/1PzhfCZ.

96 “LG München I legt Frage der Haftung bei offenen WLANs dem EuGH vor” [Munich district court submits question on liability concerning open Wi-Fi to ECJ], Offenenetze.de, October 8, 2014,http://bit.ly/1iRW1mK.

97 Spiegel Online, “Das bedeutet das Urteil zur Störerhaftung für Deutschland” [This is what the ruling on network liability means for Germany], September 15, 2016, http://bit.ly/2cgKWvo.

98 Johannes Boie, “Das Wlan-Urteil des EuGH ist unsinnig” [The CJEU’s wifi ruling does not make sense], sueddeutsche.de, September 15, 2016, http://bit.ly/2f15StA.

99 Presserat [Press Council], “Pressekodex” [press code], version dated March 13, 2013, http://bit.ly/1FgsgW8.

100 “OSCE representative warns about impact on free media of criminal investigation of Netzpolitik.org journalists in Germany,” Organization for Security and Co-operation in Europe,” August 4, 2015,http://bit.ly/2dT3gJK.

101 David Meyer, “Google fighting German plan for linking fee”, cnet.com, November 27, 2012, http://cnet.co/1WCkg72.

102 Philipp Otto, “Kommentar: ein unmögliches Gesetz” [Comment: an impossible law], iRights.info, August 30, 2012, http://bit.ly/1jE6XoJ.

103 Henry Steinhau, “Leistungsschutzrecht: T-Online und 1&1 verbannen Verlage der VG Media aus ihren Suchergebnissen” [Ancillary copyright: T-Online and 1&1 ban VG Media publishers from their search results], irights.info, September 16, 2014, http://bit.ly/1JKFxlY.

104 Friedhelm Greis, “Kartellamt hält Googles Vorgehen gegen Verlage für begründet” [Cartel Office considers Google’s approach against publishers justified], golem.de, September 9, 2015, http://bit.ly/2dJRQc4.

105 Stefan Krempl, “Schiedsverfahren zum Leistungsschutzrecht gescheitert” [Arbitration proceedings regarding ancillary copyright failed], heise.de, October 28, 2015, http://bit.ly/1NPyayF.

106 “Nach gescheitertem Schiedverfahren: VG Media reicht Klage gegen Google ein” [After failed arbitration: VG Media files lawsuit against Google], Urheberrecht.org, January 10, 2016, http://bit.ly/2cZHsiP.

107 See section 41a of the Telecommunications Act.

108 Stefan Krempl, “Bundestag will Netzneutralität nicht umfassend absichern” [Federal parliament does not want to safeguard net neutrality comprehensively], heise.de, November 13, 2015, http://bit.ly/2eeGM9h.

109 Chris Baraniuk, “European Parliament votes against net neutrality amendments,” Bbc.com, October 27, 2015, http://bbc.in/1jOhTAs; See also: Tomas Rudl, “EU-Parlament beschließt umstrittene Netzneutralitätsregeln” [EU Parliament enacts controversial net neutrality rules], Netzpolitik.org, October 27, 2015, http://bit.ly/1ids9R5.

110 “BEREC Guidelines on the Implementation by National Regulators of European Net Neutrality Rules,” August 30, 2016, http://bit.ly/2fdSy3H.

111 Amar Toor, “Europe’s net neutrality guidelines seen as a victory for the open web,” The Verge, August 30, 2016, http://bit.ly/2c88eSd.

112 Judith Horchert, “Netzpolitik.org: Solidarität mit den #Landesverrätern” [Netzpolitik.org: Solidarity with the traitors], Spiegel Online, July 31, 2015, http://bit.ly/2dEWcSw.

113 Campaign website, http://ausnahmslos.org/english.

114 See Twitter post: http://bit.ly/2d3mrii.

115 “Twitter-Kampagne gegen sexualle Gewalt” [Twitter campaign against sexualized violence], Zeit Online, January 11, 2016, http://bit.ly/1PScaEm.

116 Ingo Dachwitz, “Wir fordern: NoPNR! Videoaktion gegen die EU-Vorratsdatenspeicherung von Reisedaten” [We demand: NoPNR! Video campaign against the EU retention of passenger name records], Digitale Gesellschaft, January 27, 2016, http://bit.ly/2e0tE4J.

117 BVerfG [Federal Constitutional Court], Provisions in the North-Rhine Westphalia Constitution Protection Act (Verfassungsschutzgesetz Nordrhein-Westfalen) on online searches and on the reconnaissance of the internet null and void, judgment of February 27, 2008, 1 BvR 370/07 Absatz-Nr. (1 - 267), http://bit.ly/1YVssS3; See also: Press release no. 22/2008, http://bit.ly/2dnoChN. For more background cf. Wiebke Abel/Burkhard Schaferr, “The German Constitutional Court on the Right in Confidentiality and Integrity of Information Technology Systems – a case report on BVerfG,” NJW 2008, 822”, 2009, 6:1 SCRIPTed 106,http://bit.ly/2dNZSCJ.

119 Code of Criminal Procedure (StPO), § 53 (1) 5, http://bit.ly/1O9zcXz.

120 “Endlich! Unabhängige Datenschutzbehörde für Deutschland” [Finally! Independent data protection agency for Germany], Datenschutzbeauftragter-info.de, August 27, 2014, http://bit.ly/1jE9tv3.

121 “Bundesdatenschutz-Behörde wird 2016 unabhängig” [Office oft he Federal Commissioner for Data Protection will become independent in 2016], N-TV.de, December 30, 2015, http://bit.ly/2eeGkYL.

122 “Netzpolitik.org: Bundesanwaltschaft ermittelt gegen Journalisten wegen Landesverrats” [Federal prosecutor’s office investigates against journalists for treason], Spiegel.de, July 30, 2015, http://bit.ly/1H6QXiu.

123 Martin Klingst, “Wer wann was verbockt hat” [Who failed when regarding what], Zeit Online, August 11, 2015, http://bit.ly/2eeFYl3.

124 Markus Beckedahl, “#Landesverrat: Wir müssen davon ausgehen, umfassend vom Bundeskriminalamt überwacht zu werden” [#Treason: We have to assume that we are under thorough surveillance by the Federal Criminal Police Office], Netzpolitik.org, August 7, 2015, http://bit.ly/2e0tla5.

125 Alison Smale, “Angela Merkel Draws Criticism for Allowing Turkey’s Case Against Comic,” The New York Times, April 15, 2016, http://nyti.ms/1V6IlVG.

126 Hasnain Kazim “Erdogan's Demand for Legal Action Puts Merkel in a Bind,” Spiegel, April 12, 2016, http://bit.ly/2fdOL6z.

127 “German Television Pulls Satire Mocking Turkey’s Erdogan,” The Intercept, April 1, 2016, http://bit.ly/1MJVG3r.

128 “Germany drops Turkey President Erdogan insult case,” BBC, October 4, 2016, http://bbc.in/2fAgzm6.

129 See Bundeszentrale für politische Bildung [Federal agency for political education], “Volksverhetzung” [incitement to hatred], http://bit.ly/2eoHnab.

130 BVerfG, [Federal Constitutional Court] 1 BvR 2150/08 from November 4, 2009, Absatz-Nr. (1 - 110), http://bit.ly/1KWt940; See also: Press release no. 129/2009 of 17 November 2009, Order of 4 November 2009 – 1 BvR 2150/08 – § 130.4 of the Criminal Code is compatible with Article 5.1 and 5.2 of the Basic Law, http://bit.ly/2e0uK0C.

131 See for example: Pia Ratzesberger, “Verurteilt wegen Hasskommentaren auf Facebook” [Convicted for hateful comments on Facebook], sueddeutsche.de, February 3, 2016, http://bit.ly/1P8Luzi; Lisa Steger, “Hennigsdorfer soll Geldstrafe wegen Volksverhetzung zahlen” [Person from Hennigsdorf fined for incitement to hatred], rbb-online.de, April 26, 2016, http://bit.ly/2d3m8Uz; “Bewährungsstrafe wegen Facebook-Hetze gegen Flüchtlinge” [Suspended sentence for incitement against refugees on Facebook], Zeit Online, October 16, 2015, http://bit.ly/1PKYR6U.

132 “Spionageaffäre: Union und SPD einigen sich auf NSA-Sonderermittler Graulich” [Espionage affair: CDU and SPD agree on NSA special investigator Graulich], Spiegel Online, July 1, 2015, http://bit.ly/2eeGe3i.

133 Maik Baumgärtner and Martin Knobbe, “Geheimdienstaffäre: Sonderermittler spricht von klarem Vertragsbruch der NSA” [Espionage affair: special investigator talks about clear breach of agreement], Spiegel Online, October 30, 2016, http://bit.ly/2dEVl4d.

134 “NSA und BND: Opposition kritisiert Bericht zur Geheimdienstaffäre” [NSA and BND: opposition criticizes report on espionage affair], Spiegel Online, October 31, 2015, http://bit.ly/2dO0gkx.

135 Thorsten Denkler, “Zweifel an der Unabhängigkeit” [Independence in doubt], Sueddeutsche.de, November 4, 2015, http://bit.ly/2dCQ6Bz.

136 Andre Meister, “Wir veröffentlichen den Gesetzentwurf zur BND-Reform: Große Koalition will Geheimdienst-Überwachung legalisieren” [We are publishing the draft of the BND reform: grand coalition wants to legalize surveillance], Netzpolitik.org, June 6, 2016, http://bit.ly/212OKAs; See also: “Germany’s intelligence service reform stokes controversy,” Euractiv.com, October 21, 2016, http://bit.ly/2dQ3iUL.

137 “Überwachung: SPIEGEL im Visier von US-Geheimdiensten” [Surveillance: SPIEGEL in U.S. intelligence services’ crosshairs], Spiegel Online, July 3, 2015, http://bit.ly/2e0tU3X.

138 Falk Steiner, “Neuer Bundestrojaner steht kurz vor der Genehmigung” [New federal Trojan horse to be approved soon], Deutschlandfunk.de, February 22, 2016, http://bit.ly/20PKsLM.

139 Tomas Rudl, “’Stille SMS’: Bundeskriminalamt verschickte fünf Mal so viele wie im ersten Halbjahr“ [Stealth ping: BKA sent five times as many as in the first half oft he year], Netzpolitik.org, January 20, 2016,http://bit.ly/23gmo8O.

140 Bundesamt für Justiz [Federal Office of Justice], “Übersicht Telekommunikationsüberwachung (Maßnahmen nach §100a StPO) für 2015”, July 14, 2016 [Summary of telecommunication surveillance for 2015],http://bit.ly/2e2ktVI.

141 Bundesamt für Justiz, “Übersicht Verkehrsdatenerhebung (Maßnahmen nach § 100g StPO) für 2015” [Summary of traffic data collection for 2015], July 22, 2016, http://bit.ly/2dMGVis.

142 These are aggregated figures related to the three areas of risk in which scanning took place according to the report of the Parliamentary Control Panel. See: Deutscher Bundestag, Drucksache 18/7423, January 29, 2016, p.7 et seq., http://bit.ly/2e0t8Ui. Note that the numbers presented annually do not refer to the last year but to the year before, i.e. 2014. The Parliamentary Control Panel periodically reports to the parliament and nominates the members of the G10 Commission. The G10 Commission controls surveillance measures, and is also responsible for overseeing telecommunications measures undertaken on the basis of the Counterterrorism Act of 2002 and the Amendment Act of 2007.

143 See the report of the Parliamentary Control Panel: Deutscher Bundestag, Drucksache 18/7423, January 29, 2016, p. 7-8, http://bit.ly/2e0t8Ui.

144 Bundesverfassungsgericht [Federal Constitutional Court], Provisions in the North-Rhine Westphalia Constitution Protection Act (Verfassungsschutzgesetz Nordrhein-Westfalen) on online searches and on the reconnaissance of the Internet null and void, judgment of February 27, 2008, 1 BvR 370/07; For more background cf. W Abel and B Schafer, “The German Constitutional Court on the Right in Confidentiality and Integrity of Information Technology Systems – a case report on BVerfG”, NJW 2008, 822, (2009) 6:1 SCRIPTed 106, http://bit.ly/2dNZSCJ.

145 Dirk Heckmann, “Anmerkungen zur Novellierung des BKA-Gesetzes: Sicherheit braucht (valide) Informationen” [Comments on the amendment of the BKA act: Security needs valid information], Internationales Magazin für Sicherheit nr. 1, 2009, http://bit.ly/1KWuRm6.

146“Anti-Terror-Gesetze gelten bis 2021“ [Anti terror laws in force until 2021], Tagescchau.de, November 27, 2015, http://bit.ly/2cZGl2H.

147 Bundesrat, “Mehr Rechtssicherheit bei Bestandsdatenauskunft” [More legal certainty for stored data inquiry], Press release no. 251/2013, May 3, 2013, http://bit.ly/1j5NgWK.

148 Two independent studies from by the Universität of Bielefeld (2003: Wer kontrolliert die Telefonüberwachung? Eine empirische Untersuchung zum Richtervorbehalt bei der Telefonüberwachung“ [Who controls telecommunication surveillance? An empirical investigation on judicial overview of telecommunication surveillance], edited by Otto Backes and Christoph Gusy, 2003) and Max-Planck-Institut Institute for Foreign and International Criminal Law (Hans-Jörg Albrecht, Claudia Dorsch, Christiane Krüpe 2003: Rechtswirklichkeit und Effizienz der Überwachung der Telekommunikation nach den §§ 100a, 100b StPO und anderer verdeckter Ermittlungsmaßnahmen [Legal reality and efficiency of wiretapping, surveillance and other covert investigation measures], http://www.mpg.de/868492/pdf.pdf) evaluated the implementation of judicial oversight of telecommunication surveillance. Both studies found that neither the mandatory judicial oversight nor the duty of notification of affected citizens are carried out. According to the study by the Max Planck Institute, only 0.4 percent of the requests for court orders were denied.

149 Court of Justice of the European Union, “The Court of Justice declares the Data Retention Directive to be invalid,” press release No 54/14, April 8, 2014, http://bit.ly/1svi4QN.

150 “Bundestag beschließt Vorratsdatenspeicherung“ [Bundestag enacts data retention], Faz.net, October 16, 2015, http://bit.ly/2e0seXT.

151 Markus Beckedahl, “CDU verspricht Verfassungsschutz den Zugriff auf Vorratsdatenspeicherung und mehr Staatstrojaner” [CDU promises domestic intelligence agency access to data retention and more state Trojan horses], Netzpolitik.org, January 13, 2016, http://bit.ly/2dW17S5.

152 Jakob May, “Weitere Verfassungsbeschwerde gegen Vorratsdatenspeicherung eingereicht” [Further constitutional complaint against data retention filed], Netzpolitik.org, January 27, 2016, http://bit.ly/1nQGru9.

153 Telecommunications Act (TKG), § 111, http://bit.ly/2dNZTqh.

154 Anna Sauerbrey, “Innenminister Friedrich will Blogger-Anonymität aufheben” [Federal Minister of Interior wants to abolish anonymity of bloggers], Tagessspiel online, August 7, 2011, http://bit.ly/2dCQ2BX.

155 “BGH weist Auskunftsanspruch gegen Internet-Portal zurück” [Federal Court of Justice rejects claim to disclosure against internet portal], Zeit.de, July 1, 2014, http://bit.ly/1iUs1Xa.

156 Matthias Monroy, “BKA auf EU-Ebene weiterhin gegen ’Anonymisierung und Verschlüsselung’ aktiv” [BKA continues to be active against ’anonymization and encryption’ on the EU level], Netzpolitik.org, January 6, 2016, http://bit.ly/2dJQi1z.

157 BSI, “Cyber-Sicherheits-Umfrage 2015” [Cyber security survey 2015], October 5, 2015, http://bit.ly/2dCOZSo.

158 Marie Rövekamp, “Findet den Trojaner!“ [Find the Trojan horse!], Zeit Online, August 11, 2015, http://bit.ly/2dJOky7.

159 Anna Biselli, “Wir veröffentlichen Dokumente zum Bundestagshack: Wie man die Abgeordneten im Unklaren ließ” [We are publishing documents concerning the Bundestag hack: how the members of parliament were left in the dark], Netzpolitik.org, March 7, 2016, http://bit.ly/2dEUqAN.

160 Anna Biselli, “Heute im Bundestag Verabschiedung des IT-Sicherheitsgesetzes – ein Überblick” [Today in the parliament enactment of the IT security law – an overview], Netzpolitik.org, June 12, 2015,http://bit.ly/1FcCwIH.