Germany’s network infrastructure for information and communication technologies (ICTs) is well developed, and its overall internet penetration rate is above the European Union (EU) average; in 2019, 94 percent of German residents used the internet.1 According to 2018 ITU data, the country’s fixed broadband penetration rate was 36.3 percent and its mobile broadband penetration rate was 81.6 percent.2

The most widely used mode of fixed-line internet access is still DSL (digital subscriber line), with 25.2 million connections in 2019. Fiber-optic and other connections are becoming more widespread and increased slightly to 9.4 million connections in 2019, up from 9.2 million in 2018.3 Connections with speeds of more than 50 Mbps are available in about 90 percent of German households.4 However, a recent assessment shows that most households do not actually receive the maximum data transmission rate as stated by the providers.5 Despite earlier promises by the government to quickly provide high-speed internet access to every household in Germany,6 the expansion of fixed-broadband infrastructure has stagnated, and the government failed to hit its own target of ensuring every household had an internet connection with a connection speed of at least 50 Mbps by the end of 2018.7 Andreas Scheuer, the federal minister of transport and digital infrastructure since March 2018, has been criticized for misallocating federal funds earmarked for improving broadband connectivity.8 A reliance on copper cable vectoring by domestic internet service providers (ISPs) has also been criticized as potentially impeding fiber-optic expansion.9

In 2018, internet access via mobile devices increased: 74 million people in Germany regularly accessed the internet via universal mobile telecommunications service (UMTS) or long-term evolution (LTE), technology compared with 68 million in the previous year.10 The total data volume increased from almost 2 billion GB in 2018 to 2.7 billion GB in 201911 Germany is ranked ninth worldwide in terms of smartphone penetration by analytics company Newzoo, with 65.9 million people (80 percent of the population) using a smartphone as of May 2020.12

In April 2020, the Federal Network Agency for Electricity, Gas, Telecommunications, Post, and Railway (BNetzA) found that all three German LTE providers failed to fully meet obligations to cover 98 percent of all households and all motorways and railways with a minimum transmission rate of 50 Mbps by the end of 2019. The BNetzA announced that it will issue sanctions if the obligations are not met by December 2020.13

The availability of public internet connections has been historically low in Germany compared to other industrialized countries.14 However, recent legal changes have led to an increase of publicly available Wi-Fi hotspots, including in cafés and high-speed trains (see B3). Furthermore, the decision—unapproved as of the end of the coverage period—to designate free community Wi-Fi providers as not-for-profit enterprises, which entails considerable tax advantages, would be expected to increase the availability of public internet connections (see A2).

According to January 2020 data, the average download speed for a fixed-broadband connection in Germany was 79.31 Mbps, while that of a mobile broadband connection was 36.29 Mbps.15 Average speeds in Germany are slower than those in neighboring France but higher than those in the United Kingdom.

“Telecommunication services” have become slightly less expensive, decreasing in price by about 0.5 percent from 2018 to 2019, according to the most recent official statistics.16 In 2019, expenses for such services amounted to 2.5 percent of available household income.17 The 2020 Inclusive Internet Index ranks Germany 20th out of 100 countries in affordability.18

Persistent differences in internet usage according to people’s levels of income demonstrate that prices continue to be a barrier for people with low incomes and the unemployed.19 Some 96 percent of German residents with jobs use the internet while 71 percent of the unemployed do.20 The industrial initiative D21 has also found a significant discrepancy in access between households that earn less than €1,000 ($1,100) per month, compared to households that make €3,000 ($3,300) or more per month.21 Relatedly, 97 percent of highly educated German residents (with university degrees) use the internet, while just 64 percent of low-educated residents (without secondary school degrees) do.22 The use of mobile internet devices by low-educated residents has increased by 10 percent since 2018.23 Although Germany’s Federal Court of Justice has ruled that access to the internet is fundamental for everyday life, the cost of internet access is still not adequately reflected in basic social benefits.24 In March 2017, the Federal Council, the Bundesrat, designated providers of free community wireless networks as not-for-profit enterprises, which entails considerable tax advantages. However, that decision has yet to be approved by the parliament, the Bundestag.25

There are also gender and age gaps when it comes to accessing the internet in Germany, though they are gradually getting smaller. While 91 percent of men used the internet every day or almost every day in 2019, 88 percent of women did.26 While 99 percent of those aged 16-44 use the internet every day or almost every day, frequent usage remains at 70 percent among those over 65.27

Furthermore, slight differences in internet use exist between Germany’s western region and its eastern region, which was formerly the communist German Democratic Republic. The only three German states where popular internet usage is lower than 80 percent are in the eastern region. This gap has remained stable over the past few years.28 Meanwhile, the gap in internet use between the urban centers (of 500,000 people or more) and rural areas is still 6 percentage points.29

The German government does not impose restrictions on ICT connectivity. Germany’s telecommunications infrastructure is largely decentralized and the variety of regional providers is unique. There are more than a hundred internet backbone providers in the country.30

Privatized in 1995, the formerly state-owned Deutsche Telekom remains the only company that acts as both a backbone provider and an internet service provider (ISP). However, the German state owns less than a third of its shares, which crucially limits government control.31 There are a number of connections in and out of Germany, the most important being the DE-CIX (German Commercial Internet Exchange), which is located in Frankfurt. It is privately operated by Eco, the professional association of the German internet industry.32

According to the BNetzA, there was no legal basis for internet shutdowns or connectivity restrictions on the federal level as of 2016.33 However, some state-level legislation on the powers of police authorities grants limited restriction measures (see C5).

The telecommunications sector was liberalized in the 1990s with the aim of fostering competition. Commercial service providers must notify the BNetzA prior to beginning their operations, but do not need licenses.34

The incumbent Deutsche Telekom’s share of the fixed broadband market was 39.4 percent in 2019, a slight decline from its position in 2018 and a sign of increasing competition.35 Vodafone’s market share expanded notably by the acquisition of the cable company Unitymedia from 19.9 percent in 2018 to 30.6 percent. Other ISPs with significant market share include 1&1 with 12.4 percent and O2-Telefónica with 6.4 percent.36 Public subsidies for increasing broadband connectivity have been criticized for favoring Deutsche Telekom.37

For mobile internet, German users can choose from three major service providers: Vodafone with a 35.7 percent market share; Telefónica Deutschland, with 32.2 percent and T-Mobile (Deutsche Telekom), with 32.1 percent.38 In August 2019, Drillisch Netz AG joined Deutsche Telekom, Vodafone, and Telefónica in securing fifth-generation (5G) technology spectrum frequency blocks, diversifying the mobile network operators in Germany.39

Internet access, both broadband and mobile, is regulated by the BNetzA, which has operated under the supervision of the Federal Ministry of Economic Affairs and Energy since early 2014.40 The president and vice president of the agency are appointed for five-year terms by the federal government, following recommendations from an advisory council consisting of 16 members from the Bundestag and 16 representatives from the Bundesrat.41 The German Monopolies Commission and the European Commission (EC) have both criticized this highly political structure and the concentration of important regulatory decisions in the presidential chamber of the BNetzA.42

In addition to these institutional concerns, regulatory decisions by the BNetzA have been criticized for providing a competitive advantage to Deutsche Telekom, the former state-owned monopoly.43 These concerns were amplified in late 2015, when BNetzA presented a proposal to allow Telekom to implement vectoring, a technology that is capable of boosting the bandwidth of DSL connections on preexisting copper lines.44 This arrangement sparked criticism given that, in order to function as intended, the technology requires a single operator to remain in charge of all copper lines. In turn, unbundling and redistributing individual connections becomes more difficult, and the managing operator (Telekom) would end up in a privileged market position.45 After the Monopolies Commission first voiced its concerns in December 201546 and the EC instigated formal review proceedings in early 2016,47 the Federal Chancellery finally announced the end of public support for vectoring in March 2018.48

The government rarely blocks websites or internet content,49 though a few blocks have been imposed by state actors in recent years. All major social media platforms and international blog-hosting services are freely available.

In February 2018, a regional court in Munich instructed the service provider Vodafone to block the video-streaming website kinox.to, in response to a film distributor’s complaint that the site was hosting content in violation of copyright law.50 Vodafone customers are rerouted to a different website when they try to access kinox.to. The injunction marked the first court-ordered blocking of a pirate website in Germany. The decision, which was appealed by Vodafone51 but upheld in June 2018,52 has been criticized as both ineffective and excessive.53 Nevertheless, a month later, Vodafone reportedly began blocking Library Genesis, a website that hosts pirated copies of articles and books, after receiving a similar court order.54 A 2015 Federal Court of Justice ruling empowered copyright holders to seek such injunctions against pirate websites (see B3).55

In December 2018, Vodafone began blocking the streaming websites bs.to and s.to in response to a complaint from the rights holder of the television series Das Boot.56 In March 2019, Vodafone began blocking the file-sharing forum boerse.to in response to a copyright complaint from the music rights group GEMA.57

Most content-removal issues in Germany relate to the removal of search engine results (de-indexing) rather than actual deletions of content. However, pressure on social media companies to remove content from their platforms has increased since the implementation of the Network Enforcement Act (NetzDG), which imposes severe fines if certain illegal content is not removed promptly (see B3).

Under the law, social media companies that receive over 100 content-related complaints each year must disclose how they handled those complaints every six months. These complaints came from either users or complaints bodies, such as children’s’ rights watchdog Jugendschutz.net. According to an analysis from the Center for European Policy Studies, “NetzDG has failed to generate any additional press reports of dubious false positives” since a series of January 2018 controversies.58 However, the chilling effects of the NetzDG, which have been a major point of contention, are difficult to measure and remain a concern.

Since NetzDG came into effect on January 1, 2018, a series of controversial content removals have been reported. In January 2018, Twitter deleted several satirical posts and accounts, including a post by author and poet Sophie Passmann59 and the entire account of the satirical magazine Titanic.60 While Twitter did not explicitly mention NetzDG in these cases, it stated that Passmann’s post had been retracted on the basis of local laws. Titanic’s account remained blocked for 48 hours; after Twitter reactivated it, at least five of its earlier posts remained unavailable in Germany.61 These removals and the January 2018 case of leftist politician Jörg Rupp‘s deleted Twitter post and Facebook post illustrated a fundamental problem with the law: if taken out of context, posts on social media platforms may fall within the scope of hate speech provisions embedded in Germany’s criminal code.62

Between July and December 2019, social media platforms disclosed that thousands of items had been removed or blocked because of complaints. Facebook reported 1,043 items were blocked or removed in response to complaints.63 TikTok reported 1,050 complaints, with 50 content was blocked or removed as a result.64 Twitter reported that it blocked or removed 137,171 items during the same period.65 Google disclosed that 71,807 items were blocked or removed on YouTube. Additionally, between January and June 2019, 285 items on Google+ were blocked or removed.66

There are doubts as to the completeness and clarity of these disclosures. In July 2019, the government accused Facebook of underreporting its content blocking and removal statistics, issuing the company a fine of two million euros ($2.2 million). The Federal Ministry of Justice argued that, by counting only certain categories of complaints, Facebook had created an incomplete picture of the extent of violations on its platform.67

Separately, the government also issues content removal requests. According to Google’s transparency report for the first half of 2019, the company received 273 takedown requests from the German courts and other public authorities. The most common reason for these requests (57 percent of cases) was defamation, followed by “privacy and security” concerns, “business complaints,” and “adult content.” Google acceded to 57 percent of these requests. 68 Meanwhile, Twitter received 44 content removal requests from German authorities between January and June 2019. The company complied with 32 percent of these requests. 69 Facebook did not specify government requests to remove content in public disclosure data.70

Under a 2014 EU Court of Justice (CJEU) decision on the “right to be forgotten” (RTBF),71 Google and other search engines are required to remove certain search results if they infringe on the privacy rights of a person and that person formally requests the action (see B3).

Since then Google has assessed some 945,112 requests to delist search results across the EU, affecting more than 3.5 million URLs, with over 149,000 coming from Germany alone.72 For Germany, roughly half of the 444,234 requests made during this report’s coverage period resulted in a delisting by Google. The majority of requests—89 percent—were made by private individuals. Between July and December 2019, Microsoft received 457 RTBF delisting requests, covering 11,505 URLs.73 The company delisted 35 percent of those URLs.

In the spring of 2019, social media companies began implementing more restrictive policies in order to prevent the spread of disinformation in the run-up to the May 2019 European Parliament elections. While companies are not legally bound to undertake such measures, the European Commission had called for voluntary action pursuant to its Code of Practice against disinformation.74 The new policies have led to the temporary suspension of accounts and the deletion of posts which made humorous—and legal—comments on the elections. For example, information technology lawyer Thomas Stadler ironically posted on Twitter in March 2016 that voters who support the right-wing Alternative für Deutschland party should sign their ballots, which would render them invalid. In 2019 he was consequently blocked from accessing his Twitter account for a period of two days. The new policies were criticized by activists as infringing upon freedom of expression.75

German copyright law has been criticized repeatedly for its use to hinder the publishing of sensitive information on topics of public interest, especially as many online platforms automatically remove content that reportedly breach copyright law, so as to avoid lawsuits. In December 2019, the Federal Institute for Risk Assessment (BfR) sued the platform FragDenStaat for publishing a government-issued report on health risks caused by the herbicide glyphosate, alleging copyright infringement. The BfR won a previous copyright lawsuit over the report, which was obtained under the Information Freedom Act, but their court injunction was cancelled due to a procedural error.76 In March 2020, journalists uncovered a German company with ties to the Albanian government using automated copyright enforcement to systematically remove online content posted by independent Albanian media and activists.77

In January 2020, a federal administrative court dismissed a lawsuit challenging the ban of the platform linksunten.indymedia for lack of standing; former minister of the interior Thomas de Maizière had ordered the ban alleging that the platform violated the law of association by organizing violent riots during the G20 summit in Hamburg. The operators of the website were forced to shut down its host server and social media accounts in August 2017 in order to enforce the ban.78

In 2016, satirist Jan Böhmermann came under criminal investigation for a provocative poem mocking Turkish president Recep Tayyip Erdoğan. Erdoğan then filed a civil libel lawsuit against Böhmermann, which led to the deletion of the poem’s recital from the website of a public television channel (see C2).

Restrictions on online content in Germany generally meet minimum requirements for transparency, proportionality, and independent appeal.

NetzDG, which was approved in June 201779 and came into effect on January 1, 2018, obliges social media platforms with more than 2 million registered users in the country to investigate and delete flagged content, or otherwise face hefty fines.80 If the flagged content is “obviously illegal,” the company must block or remove it within 24 hours; if otherwise illegal, the content must be blocked or removed within seven days. Under NetzDG, illegality is defined in relation to 22 articles in Germany’s criminal code (see C2).81 After making a decision to delete or preserve flagged content, the company has to inform both the complainant and the user who uploaded the content. If it fails to meet any of these requirements, the company could face fines of up to €50 million ($55 million) (see B6).82 An amendment to NetzDG passed in June 2020 requires companies to share the personal information of users reported for hate speech to the BKA (see C6).

In April 2020, the government introduced an amendment to the NetzDG to improve user rights under the law. The amendment would strengthen individuals’ rights against deletion and the appeals process, ease reporting channels for users, and enhance the quality of transparency reports. It remained under consideration in the Bundestag at the end of the coverage period.83

In April 2019, the European Parliament passed a regulation aimed at “tackling the dissemination of terrorist content online” which, among other things, would require platforms to delete content within one hour of receiving a removal order from authorities.84 Platforms that routinely fail to do so could be fined 4 percent of their overall annual revenue (see B6). Critics have voiced concerns that ambiguity surrounding the definition of “terrorist content” and the short timeline for removing such content will lead companies to “remove speech first and ask questions later,” possibly through automatic filters.85 The resolution has not yet entered into force as it must be approved by other EU bodies.

On the EU level, discussions on online filters for terrorist propaganda started in 2017. In March 2017, Facebook, Microsoft, Twitter, and YouTube launched the prototype of an upload filter based on a shared database to suppress terrorist and extremist content.86 In March 2018, the European Commission recommended that social media platforms expedite and broaden this approach.87 Such upload filters have been criticized for infringing on freedom of expression, not least because they do not seem limited to terrorist and extremist content, despite claims to the contrary.88

Issues related to copyright law have figured prominently in discussions around internet freedoms in Germany. In March 2019, the European Parliament passed the Directive on Copyright, which the European Council then approved in April 2019.89 The directive imposes a so-called link tax, which grants online publishers the right to charge aggregators like Google News for excerpting proprietary content, such as news articles (see B6).90 It also makes content-hosting and content-sharing platforms such as YouTube liable for copyrighted material uploaded by users.91 Observers have warned that this reform could lead to the implementation of “upload filters” on such platforms. These could preemptively block legitimate online content such as parodies and remixes, inhibiting online expression.92 Member states of the EU have two years to adopt these provisions into their national laws. The political parties comprising Germany’s current government have pledged to prevent the implementation of upload filters, though how they will uphold this pledge is unclear.93

The EU Commission organized stakeholder dialogues concerning the controversial paragraph in the copyright directive regarding the implementation of upload filters in October 2019.94 Since then the German federal justice department has communicated their willingness to avoid upload filters if possible. In June 2020, after the coverage period, the Federal Ministry of Justice released a draft discussion on how to implement the directive without imposing upload filtering. However, without an explicit prohibition on filters by law, the public remains skeptical that they won’t be implemented.95

Companies can be held liable for illegal content under the Telemedia Act. The law distinguishes between full liability for one’s own content and limited “breach of duty of care” (Störerhaftung) for service providers and host providers of third-party content.96 Additional blocking and filtering obligations for hosting providers were put in place by the Federal Court of Justice in the 2012 Alone in the Dark case.97 In this case, game publisher Atari sued the file-hosting service Rapidshare for copyright violations concerning the Alone in the Dark title. Though the court did not hold Rapidshare liable for direct infringement, they found that Rapidshare neglected its monitoring obligations under the “breach of duty of care” standard.98 In a subsequent decision, the Federal Court of Justice substantiated and further extended the duties of the content host: if the business model of a service aims to facilitate copyright infringements, the company is considered less worthy of immunity from intermediary liability.99 As a consequence, hosting providers are required to monitor their own servers and search for copyright-protected content as soon as they have been notified of a possible violation.100

While ISPs are not required to proactively monitor the information of third parties on their servers, they become legally responsible as soon as they gain knowledge of violations or violate due diligence requirements.101

In 2015, the Federal Court of Justice ruled that the blocking of a website may be ordered as a last resort if it is the only means for a copyright holder to effectively end rights infringement on that website.102 In such cases, after an assessment of all relevant circumstances, the owner of the copyright may ask an ISP to block the website in question. If the provider refuses, a court can intervene. The decision has been subject to criticism, with detractors noting that blocking is considered easy to circumvent and thus ineffective.103

The protection of minors constitutes an important legal basis for extant regulation of online content.104 Youth protection on the internet is principally addressed by Germany’s states through the Interstate Treaty on the Protection of Human Dignity and the Protection of Minors in Broadcasting and Telemedia (JMStV). The JMStV bans content similar to that outlawed by the criminal code, such as the glorification of violence and sedition, and provides a framework for age restrictions on content without specifying measures to implement them.105 A controversial provision of the JMStV reflects the regulation of broadcast media: adult-only content on the internet, including pornography, may only be made available in a way that verifies the age of the user.106 The JMStV enables the blocking of content if other actions against offenders fail and if such blocking is expected to be effective.

The search engine delisting process under the “right to be forgotten” follows guidelines developed by an advisory group of experts, aiming to strike a balance between the “right to be forgotten” on the one hand and freedom of expression and information on the other.107 Under the new General Data Protection Regulation (GDPR), which took effect on May 25, 2018, the “right to be forgotten” is now part of codified data protection law across the EU.108

In June 2017, the ruling coalition in the federal parliament enacted a law that abolished most legal liability for providers of open wireless networks, or hotspots. For years, the number of free, public Wi-Fi hotspots in Germany remained low, as providers feared potential negative legal consequences if their networks were used for illegal activities.109 While the new law was generally viewed positively by experts, it drew some criticism as well, as it could allow copyright holders to coerce hotspot providers into blocking certain websites or content that are known to violate copyright or other laws.110 Under the law, copyright holders have a claim to blocking measures which can include blocking of websites infringing on their rights by the hotspot provider. In a case discussed publicly in 2018 the Federal Court reinforced this legislation stating that copyright holders may coerce hotspot providers to shut down access to certain content or set up password locks and user registration mechanisms.111

To date, self-censorship online has not been a significant or well-documented problem in Germany. Still, there are some rules reflected in the publishing principles of the German press that may constrain some journalists’ online speech. This self-binding code of ethics forms the basis for the evaluation of possible complaints from the public. It includes 16 provisions and is centered on the protection of human dignity.112

On the other hand, the criminal code and JMStV clearly define and prohibit content such as child sexual abuse imagery, racial hatred, and the glorification of violence.

The NetzDG has been criticized for leading to a potential chilling effect on content posted online (see B3). There is, however, a lack of evidence that these restrictions have led to significant levels of self-censorship. A proposed amendment to NetzDG would target online hate speech and hate crimes for prosecution (see B2). In a statement commenting on the amendment, the German Federation of Journalists voiced its concern that the exposure to threats and defamation online might lead to self-censorship.113

In general, Germany’s online information landscape is free from content manipulation. While there were concerns about the proliferation of disinformation leading up to the September 2017 federal elections, no decisive impact was documented. Nevertheless, those concerns prompted legislators to push for controversial legal solutions with potential implications for freedom of expression online. Proposed solutions were not precisely defined and included identifying or even prohibiting bots. Some definitions under discussion would cover human accounts on online platforms, which would then be targeted.114 So far, no specific and binding measures have been implemented.

In the aftermath of the elections for the European Parliament, which took place in May 2019, experts concluded that disinformation only had a small impact on the vote results.115 Research conducted by the Oxford Internet Institute showed that, in proportion to professional news, what it termed “junk news” was only present with a ratio of 1 to 10. Sources of junk news consisted mostly of domestic media outlets with alternative or partisan perspectives. False news stories mostly featured content relating to immigration, religion, and terrorism.

While individual internet users face few economic or regulatory obstacles to publishing content online, German law exposes companies such as social media platforms or hosting providers to substantial financial penalties.

The NetzDG law (see B3) imposes hefty fines on social media companies that fail to comply with content-removal and reporting requirements. Moreover, the law has forced social media companies to set up expensive internal systems to comply with its requirements. Facebook, Google, Twitter, and TikTok collectively employ thousands of people to review complaints submitted under NetzDG. If and when it enters into force, the EU terrorist content regulation could impose even heftier fines on these companies and would necessitate the hiring of many more personnel. Consequently, both NetzDG and the EU terrorist content regulation make it more difficult for new companies to enter the German market.

In May 2020, the heads of the federal state governments signed a new Interstate Media Treaty (MStV) to replace the existing Interstate Broadcasting Treaty—which regulates radio broadcasting in Germany—and to establish regulations for new forms of media outlets.116 The MStV, which must be ratified by state parliaments before it takes effect, would introduce a license requirement for YouTubers and others who create online video content that consistently reaches at least 20,000 viewers. Additionally, journalistic online outlets will be subject to a self-regulation institution similar to the German Press Council, with penalties for refusal to comply or for the repeated distribution of disinformation. The MStV also imposes algorithmic transparency and nondiscrimination requirements on major online platforms that aggregate third-party content, such as Google, Facebook, and Apple.117 Politicians and civil society organizations have voiced their concerns regarding freedom of speech and media choice. A consortium of representatives from the press and digital media have criticized the Treaty for its paternalistic stance toward consumers and its limiting of user autonomy.118

In April 2017, the federal parliament incorporated EU rules on net neutrality into domestic law.119 However, observers remarked that several plans from ISPs and mobile phone providers, such as Deutsche Telekom’s “Stream On,” Vodafone’s “Vodafone Pass,” or O2’s “Unlimited” plan, violate strict net neutrality by favoring certain services, including video streaming services.120 BNetzA subsequently prohibited parts of “Stream On” for breaching net neutrality principles121 and is currently looking into the other two zero-rating services. Fines for violating net neutrality laws can reach a maximum of €500,000 ($550,800), relatively low compared to other European states.122 After a summary proceeding in the regional court of Nordrhein-Westfalen, Telekom was forced to implement the official requirements in August 2019. However, the lawsuit was moved to the European Court of Justice in January 2020 and a final judgement had yet to be made by the end of the coverage period.123

The government coalition, formed in early 2018, has reiterated its support for ancillary copyright for publishers (Leistungsschutzrecht für Presseverleger), in force since 2013.124 The regulation allows publishers to monetize excerpts that search engines display as part of their search results.125 Some fear this infringes upon constitutionally protected rights to freedom of expression and information.126 In order to limit monetization, search engines began excluding results leading to the websites of publishers that monetized their links or displayed links without the corresponding excerpts.127 In response, a publishers’ collecting society, VG Media, started antitrust proceedings against Google. In September 2015, the Federal Cartel Office decided that Google was not in violation of antitrust laws.128 Later, in November 2015, arbitration proceedings between Google and VG Media broke down when the search engine rejected VG Media’s demand for 6 percent of Google’s aggregate turnover as license fees.129 In February 2017, the first proceedings dealing with the law commenced before a Berlin district court, after VG Media filed a lawsuit against Google.130 In May 2017, the court referred the case to the European Court of Justice, which dismissed the case due to a formal error in September 2019.131 However, the issue remains somewhat unsettled, for ancillary copyright for publishers was included in the EU Copyright Directive, which was approved in April 2019 and must be implemented in national law (see B3).132

Germany is home to a vibrant internet community and blogosphere. Local and international media outlets and news sources are accessible and represent a diverse range of opinions.

During the coverage period, several civil society initiatives used the internet to conduct advocacy campaigns related to political and social issues in Germany.

Social media has also played a crucial role in the growth of the climate protection movement. The student protest movement “Fridays for Future,” which originated in Sweden and includes both weekly school strikes as well as marches, are largely organized using social media. In Berlin, the protests have been ongoing since September 2018.133 The movement has placed the issue on the national political agenda and significantly influenced public perception of the climate crisis.134 As part of the World Climate Summit, protest marches took place worldwide at the end of 2019. In September 2019, 1.4 million citizens took their climate change concerns to the streets in Germany.135 Due to the coronavirus outbreak, marches in early 2020 were cancelled and replaced with multi-platform online campaigns and protests.136

Additionally, the climate protest movement Extinction Rebellion organized and coordinated multiple strikes and roadblocks in Berlin, shutting down main roads and tourist attractions for days.137 The organizing included online gatherings as well as online campaigning.138

Article 5 of Germany’s Basic Law guarantees freedom of expression and freedom of the media. Judicial bodies operate independently, and generally support the protection of basic rights.

Since 2016, the Office of the Federal Commissioner for Data Protection and Freedom of Information has been an independent supreme federal authority, a clear upgrade from its former status as a subdivision of the Federal Ministry of the Interior.139 This change of constitutional status entailed a significantly larger budget and staff.140 Since its founding, the agency has tripled its capacities, and recently enlarged its staff to strengthen the supervision of security authorities.141

Online journalists are largely granted the same rights and protections as journalists in print or broadcast media. However, the official press card remains available only to “professional” journalists, meaning those whose journalistic activities account for at least 51 percent of their income.142 This card is often connected to granting rights of privileged access for journalists, for example, to demonstrations. Similarly, the German code of criminal procedure grants the right to refuse testimony solely to individuals who have “professionally” participated in the production or dissemination of journalistic materials.143

After two journalists from the online outlet Netzpolitik briefly faced criminal proceedings for alleged treason in 2015, Federal Minister of Justice and Consumer Protection Heiko Maas announced a bill with the aim of explicitly excluding journalists from the scope of the treason provision in the criminal code. However, the promised reform had not made any as of the end of the coverage period.144

The German criminal code includes numerous prohibitions that apply to the online realm, such as Section 130, which penalizes calls for violent measures against minority groups and assaults on human dignity.145 This provision is seen as legitimate in the eyes of many Germans, particularly because it is generally applied in the context of Holocaust denial.146 NetzDG defines illegal online content in relation to 22 provisions in the German criminal code, including Section 130. Other provisions prohibit defamation, forming a criminal or terrorist organization, and “using symbols of unconstitutional organizations.”147 In the context of NetzDG, many activists, politicians, and officials have expressed concern that these provisions are too broad. In addition to facilitating content removals, these provisions carry penalties in the form of fines and, in some cases, jail time.

After the satirist Jan Böhmermann came under criminal investigation in 2016 for a provocative poem mocking Turkish president Recep Tayyip Erdoğan, the federal parliament abolished a provision of the criminal code that penalizes insulting foreign leaders.148 Erdoğan also filed a civil libel lawsuit against Böhmermann, which led to a ban on three-fourths of the controversial poem and its deletion from the website of the television channel on which Böhmermann performed.149 Both parties appealed the judgment. In May 2018, the judgement was upheld, with an appellate court rejecting Böhmermann’s request to repeal the partial ban. At the same time, the court ruled that Erdoğan had no right to have the entire poem prohibited.150 In January 2019, Böhmermann launched a complaint with the Federal Court of Justice challenging the rejection.151 The Federal Court of Justice dismissed the appeal in July 2019, after which Böhmermann filed a complaint with the Federal Constitutional Court, Germany’s highest court, which had not yet ruled as of June 2020.152

In the context of the 2018 refugee crisis, previous years saw a surge in law enforcement investigations invoking the provision on “incitement to hatred” in the German criminal code, mostly related to hate speech against asylum seekers on social media platforms such as Facebook. As a result, there have been considerably more convictions for incitement to hatred.153 Official crime statistics document 4,486 such cases of in 2018.154 In 2019, the BKA documented 1,524 posts that fit the criminal code definition of hate speech from that year, 73 percent of which were categorized as being politically right-wing.155 In June 2018, police in 10 German states conducted raids against 29 social media users for alleged hate speech.156 The adopted amendment to the NetzDG will require larger platforms to disclose personal user data associated with postings of certain illegal content, including online hate speech, to the BKA (see C6).157

User anonymity is compromised by SIM card registration rules under the Telecommunications Act of 2004, which requires purchasers to submit their full name, address, international mobile subscriber identity (IMSI number), and international mobile station equipment identity (IMEI) number.158 Nonetheless, the principle of anonymity on the internet is largely upheld as a basic right. A 2014 decision by the Federal Court of Justice further strengthened this right, confirming that an online ratings portal was under no obligation to disclose the data of anonymous users.159

Website owners and bloggers are not required to register with the government. However, most websites and blogs need to have an imprint naming the person in charge and providing a contact address. The anonymous use of email services, online platforms, and wireless internet access points is legal. However, in May 2019 the Federal Ministry of the Interior brought forward a new initiative on mandatory backdoors for encrypted messaging services.160 The proposal has been widely criticized by civil society organizations and industry professionals, including the iRights.Lab, as it would mark the departure from longstanding proencryption policy. Experts also criticized a 2017 legislative proposal by the governing coalition to allow civil lawsuits to gain knowledge of an alleged offender’s real name in the case of violations of the right of personality online, especially defamation. Observers voiced concern that this might infringe on the right to anonymity online, if interpreted broadly.161 Discussions on this topic were still ongoing at the end of the reporting period.162

In October 2019, a man live streamed an antisemitic attack on a synagogue in Halle, Saxony-Anhalt, via the gaming platform Twitch. Following the attack, politicians from several states introduced legislation to the Bundesrat in February 2020 to require social networks and gaming platforms to collect users’ names, addresses, and date of birth, as well as proof of identity, and to hand them over to the police upon request.163 As of June 2020 the draft was passed on to the Bundestag and assigned to an expert committee.164 With further amendments to the NetzDG implemented in 2020 (see C6), the federal government has been criticized for establishing an overextended ability to access to personal user data for the BKA through private companies. In an open letter, 13 associations concerned with digital rights urged the Ministry of Justice and Consumer Protection to focus on the origin of hate crimes in general, and to stop outsourcing government’s responsibility to prevent hate speech to foreign companies.165

In March 2019, the Federal Council proposed a bill against illegal online marketplaces. It will add a new criminal penalty for offering services in Germany on the Darknet that contribute to or enable other crimes such as the spread of illegal drugs, explosives, or child sexual abuse imagery.166 The bill specifically mentions the use of the Tor browser as a vehicle to access such services. Due to its broad language, legal observers argue the scope of the bill would encompass potentially all Darknet services and therefore severely hinder the effective use of the Tor services to anonymize users’ online communication.167 Public criticism increased following the draft's first approval by the Bundesrat in summer of 2019, and the bill was still stalled at the end of the coverage period.168

Article 10 of Germany’s Basic Law guarantees the privacy of letters, posts, and telecommunications. These articles generally safeguard offline as well as online communication. A groundbreaking 2008 ruling by the Federal Constitutional Court established a new fundamental right regarding the “confidentiality and integrity of information technology systems” as part of the general right of personality under Article 2 of the Basic Law.169

A German parliamentary commission of inquiry on intelligence practices—established after former US National Security Agency (NSA) contractor Edward Snowden leaked documents exposing the various activities of US, British, and German intelligence services in 2013—completed its work in 2017.170 While the governing coalition concluded that the conduct of both the allied foreign intelligence services and the German Federal Intelligence Service (BND) had been and continued to be within the bounds of the law, the opposition argued that ongoing mass surveillance was unlawful. Both sides drew criticism for not demanding sufficient steps to end the practice in Germany.171 Meanwhile, the German government has taken further steps to significantly expand online surveillance.

In May 2020, the Federal Constitutional Court ruled that the BND is still bound by the fundamental rights of the Basic Law when conducting telecommunications surveillance of foreigners in other countries, finding that the BND had acted unlawfully in monitoring the communications of foreign journalists.172 A 2016 law granted the BND explicit permission to monitor domestic internet traffic as long as they target foreign citizens.173 Press freedom groups argued that the law threatens the constitutionally protected work of foreign journalists reporting in Germany174 and, in January 2018, a number of nongovernmental organizations (NGOs) and foreign investigative journalists filed a constitutional complaint.175

Public perception of the May 2020 ruling has been largely positive, welcoming the courts verdict as a reinforcement of the Basic Law.176 The consequences for BNDs operations remained to be seen, as the BND has until the end of 2021 to implement the ruling.

The late-2016 BND law has also been scrutinized for its impact on the privacy of German internet users.177 While the BND is mainly tasked with foreign intelligence collection, one of the main concerns is that the law permits monitoring of all network traffic channeled through the DE-CIX in Frankfurt—the world’s largest internet exchange point—which would at least unintentionally affect communications by German citizens as well. In 2016, before the new law’s enactment, the operators of DE-CIX had sued the BND in the Federal Administrative Court, arguing that the intelligence service’s practices were unconstitutional.178 In May 2018, the court dismissed the claims, declaring that monitoring of the exchange point was lawful.179

The BND had also been storing and processing bulk metadata records of phone calls via its traffic-analysis system VerAS. In response to a lawsuit filed by Reporters Without Borders Germany,180 in December 2017 the Federal Administrative Court outlawed such intelligence gathering, prohibiting the BND from collecting and processing communications metadata due to a lack of sufficient legal basis for the conduct.181 In May 2018, the BND officially announced that it would end the practice.182 Reporters Without Borders Germany also lodged a parallel complaint with the European Court of Human Rights, alleging that the intelligence service had been unlawfully monitoring the NGO’s own email correspondence.183

Surveillance conducted by intelligence services under the Act for Limiting the Secrecy of Letters, Posts, and Telecommunications (also known as the G10 Act) has continued to decline.184 With respect to international terrorism, the international arms trade, human smuggling, and international cybercrime, the German intelligence services in 2018 (the latest year for which data is available) conducted 9,927 interceptions of telecommunications in total, of which just 48 were deemed relevant for further inquiry by the BND. The BND’s practice of monitoring communications between Germany and foreign countries in accordance with the G10 Act has come under legal scrutiny. Amnesty International has filed a complaint before the Federal Constitutional Court, arguing that the authorities granted by the G10 Act are overly permissive and thus unconstitutional.185 The court’s judgement made in May 2020 regarding the BNDs surveillance of domestic communication traffic involving foreigners has raised hopes for a successful ruling against the G10 Act,186 The appeal against which was accepted for decision in Karlsruhe. At the end of coverage period no verdict had been reached.

Telecommunications interception by state authorities for criminal prosecutions is regulated by the code of criminal procedure and may only be employed for the prosecution of serious crimes for which specific evidence exists and when other, less intrusive investigative methods are likely to fail.

The 2008 Federal Constitutional Court ruling establishing a new fundamental right to the “confidentiality and integrity of information technology systems” also found that covert online searches are only permitted “if factual indications exist of a concrete danger” that threatens “the life, limb, and freedom of the individual” or “the basis or continued existence of the state or the basis of human existence.”187 Based on this ruling, the federal parliament in 2009 passed a law authorizing the Federal Criminal Police (BKA) to conduct—with a warrant—covert online searches to prevent terrorist attacks.188 The law also authorizes the BKA to employ other methods of covert data collection, including dragnet investigations, surveillance of private residences, and the installation of software on a suspect’s computer that intercepts their communications at the source. Separately, antiterrorism legislation that was first passed after the terrorist attacks in New York City on September 11, 2001—which, among other provisions, obliges banks or telecommunications operators to disclose customer information to the authorities—was once again extended in 2015 through 2021.189

In June 2017, the federal parliament enacted the “law for more effective and more practical criminal proceedings.” Most significantly, it included an extensive list of criminal offenses that would allow for the deployment of surveillance software (spyware) on suspects’ mobile phones, tablets, and computers in order to enable monitoring of written and spoken text as well as the copying of data.190 Critics consider the law unconstitutional due to its expansive scope and long list of applicable offenses.191 In accordance with the law, the BKA has been permitted to install monitoring software (the so-called Bundestrojaner, or “federal Trojan horse”) on suspects’ devices since January 2018.192 So far, three different types of Bundestrojaner have been developed.193 BKA hackers have reportedly breached the encrypted messaging app Telegram and are targeting WhatsApp.194 Complaints and lawsuits against the law and similar state laws have been filed at the Constitutional Court by data protection organizations and activists.195

In Bavaria, Germany’s second-largest state by population, the governing Christian Socialist Union (CSU) introduced a bill at the beginning of 2018 that would grant the Bavarian police vastly expanded powers, including the authority to access any information technology system preventively in the event of a—broadly defined—imminent danger, without concrete evidence of a specific crime.196 Critics allege that the bill would blur the line between police and intelligence services, a strict distinction that was built into the constitution as a consequence of abuses from the Nazi era.197 Federal interior minister Horst Seehofer, the former minister and president of Bavaria and a member of the CSU, has stated that he intends to use the Bavarian law as a model for police laws in all German states.198 Since then, similar laws granting police forces vastly expanded power to access communications have been passed in Sachsen, Nordrhein-Westfalen, Niedersachsen, Brandenburg, Hessen, Mecklenburg-Vorpommern, Rheinland-Pfalz, Sachsen-Anhalt, and Baden-Württemberg, while others are under discussion in Berlin and Schleswig-Holstein.199 In some cases, these laws permit police to use Bundestrojaners.

The Bundestag approved a bill in December 2019 expanding the powers of the customs authorities to conduct communications surveillance, including through monitoring software and device searches.200 The law also provides a legal basis to obtain user data from telecommunications providers without the knowledge of the persons concerned, and it permits customs authorities to use IMSI catchers, which mimic cell phone towers in order to collect data from all proximate devices.201 The laws phrasing vaguely describes the circumstances justifying the application of spyware, providing only that customs authorities may use technical means to intervene in information technology systems if necessary. Federal Commissioner of Data Protection and Freedom of Information Ulrich Kelber criticized the almost unconditional and unprompted collection and enrichment of data.202

Newly arriving migrants and refugees are also targeted by measures that infringe on their privacy rights. According to 2017 amendments to the asylum law, an arriving refugee’s electronic device data, including location data, may be copied and analyzed in order to determine the person’s place of origin if he or she does not provide identity documents.203 Although authorities originally gave assurances that these measures would be limited to exceptional cases, later statements revealed that because no such limitation is provided for in the text of the law, the Federal Office for Migration and Refugees intends to implement the measures as standard practice.204

The German government established a legal framework to protect personal data in 1990, though several laws require companies to provide user data to the authorities. German law requires the localization of some telecommunications data.205

In June 2020, after the coverage period, the Bundestag approved an amendment to NetzDG that requires companies report the personal data of users who post certain types of illegal content, including far-right nationalist and extremist content, to the Federal Criminal Office (BKA). Introduced in February 2020, the amendment requires the reporting of personal data, including usernames, IP addresses, port numbers and—with a judicial order—passwords.206 Digital rights associations have criticized that the expected masses of user data, which will flow to the BKA, can hardly be processed by the public prosecutor’s offices.207

Despite a 2014 CJEU decision that struck down the EU Data Retention Directive,208 the federal parliament enacted a law on data retention in 2015.209 Both the parliamentary opposition and data protection officials had fiercely objected to the legislative proposal, maintaining that it contradicted civil laws and violated the guidelines established by the CJEU. Under the new law, different sets of data have to be stored on servers located within Germany for 10 weeks, while providers have to retain the numbers, as well as the dates and times, of phone calls and text messages. ISPs are also required to retain the internet protocol (IP) addresses of all users, as well as the dates and times of connections. The location data of mobile phone connections must be saved for four weeks. The requirements exclude sites accessed, email traffic metadata, and the content of communications.

Several constitutional complaints against the data retention legislation have been filed and are pending at the Federal Constitutional Court.210 In February 2017, the federal parliament’s own research service concluded that the law does not conform to the guidelines set by the CJEU in its 2014 ruling and is thus contrary to EU law.211 After the internet provider Spacenet filed a lawsuit against its obligation to start storing its customers’ data, the Higher Administrative Court of Nordrhein–Westfalen, which has jurisdiction over this question, likewise decided in June 2017 that the German legislation contradicts EU law and is thus not applicable to Spacenet’s conduct.212 Since then, the application of the law has de facto been suspended; ISPs never stored any data based on the retention legislation. In November 2019, the BNetzA disclosed that many providers store extensive customer data for multiple months and share them with authorities if requested.213

A December 2019 law establishes a legal basis for customs authorities to obtain user data from telecommunications providers without the knowledge of the persons concerned (see C5).214The amended Telecommunications Act of 2013 regulates “stored data inquiry” requirements.215 Under this law, approximately 250 registered public agencies, among them the police and customs authorities, are authorized to request from ISPs both contractual user data and sensitive data. While the 2004 version of the law allowed the disclosure of sensitive user data only for investigations of criminal offenses, the amended act extended it to cases of misdemeanors or administrative offenses. In addition, whereas the disclosure of sensitive data and dynamic IP addresses normally requires an order from the competent court, contractual user data (such as the user’s name, address, telephone number, and date of birth) can be obtained through automated processes. Moreover, several studies have shown that judicial review does not actually take place in a majority of instances when it is required.216

There were very few reported cases of direct physical intimidation or violence against online journalists or other ICT users in retaliation for their activities during the coverage period.

In October 2019, law enforcement shut down Germany’s biggest filesharing platform Share-Online.biz and seized its website and servers. After police raided their offices and their employees’ apartments, the operators were charged with commercial unauthorized use of copyright protected works.217

In June 2018, police raided the offices of the Zwiebelfreunde, an activist association promoting online anonymity tools—an action a court later ruled to be illegal. Additionally, the homes of its board members in Augsburg, Berlin, Dresden, and Jena were searched, in order to obtain material relevant to criminal proceedings against unknown suspects accused of inciting illegal activities at a political rally in Augsburg. For communication, the suspects used the confidential email provider Riseup, for which Zwiebelfruende collected donations.218 The implicit assumption of the investigators was that Zwiebelfreunde had information on the identity of the suspects, because the group supported Riseup. Despite the group being “witnesses” in this case, police seized documents containing names, addresses, and bank details of people supporting Riseup and Zwiebelfreunde. Police allegedly made threats to people from Zwiebelfreunde present at the raid, intimating that they might become suspects.219 Following criticism by press freedom and internet rights activists, the State Court in Munich ruled the searches and seizures were illegal and ordered all seized material to be returned.220

A June 2019 study on hate speech reported that immigrants, Muslim people, women and LGBT+ people are predominantly targeted by harassment online. Men reported experiencing online harassment more frequently than women, which might stem from different online behavior.221 When it comes to cases of online discrimination of LGBT+ people, Germany ranks relatively low in comparison to other European Countries.222

Human rights activists and NGOs are rarely victims of cyberattacks or other forms of technical violence that are aimed at stifling freedom of expression. However, government institutions and the business sector have been targeted by cyberattacks.223

The Federal Office for Information Security (BSI) reported in 2019 that ransomware, spam, and bot networks remain a constant threat and are becoming more efficient in design. Between June 2018 and May 2019, roughly 770,000 emails containing malware were intercepted in German administrative networks.224 During the coverage period, information security experts repeatedly raised concerns to the government regarding the shortage of security specialists and inadequate policy and regulatory infrastructure.225

In December 2018, the personal data of parliamentarians, politicians, television personalities, activists, and YouTube artists were published online.226 An individual who confessed to the leaks, a German citizen, was arrested shortly after the case received public attention in January 2019.227 The case led to public discussions about online safety, since much of the retrieved data was protected by weak passwords such as “1234.”228

Earlier, in 2015, the federal parliament had enacted an ICT security law to strengthen its response capabilities; the law obliged telecommunications companies and critical infrastructure operators to report security breaches to the BSI. However, the law has been criticized as being largely ineffective, and its mandates concerning the storage of traffic data to determine the source of possible cyberattacks have been criticized as intrusive.229