Experts agreed on Monday at a hearing in the Bundestag that in the digital age, a modern register landscape that complies with data protection is overdue. Opinions diverged completely on the way to this goal. In the end – with a kind of abstention and a lot of stomach ache – there was about three to three for and against the draft of the federal government for a law on the modernization of registers, with which the personal tax identification number is to be converted into a central personal identification number across all registers.

Timeless danger Data protectionists emphasized that the tax ID as a citizen number breaks the dam and the Federal Constitutional Court will have to patch them up again. With the census ruling, the latter stated that a general personal identifier was clearly unconstitutional. There should be no way to register and catalog the individual citizen. This would be an enormous danger for informational self-determination.

Now the government wants to allow the state for the first time to easily and reliably compile extensive data on each individual, criticized the Federal Data Protection Officer Ulrich Kelber. “Citizens will never be able to rely on abuse never happening.” This danger is timeless and not directly linked to technical developments, the computer scientist rejected ideas from the CDU. With the increasing linking of data, also in the economy, the risk tends to increase.

Data protection impact assessment The in the Architectural barriers planned in the draft such as the 4-corner model, according to which data should only flow through an independent third party, are inadequate, according to Kelber. You could not prevent the tax ID from bleeding into other areas, as was already provided for in a draft bill by the Federal Ministry of Health. The data protection conference of the federal and state governments have therefore agreed in unison that the initiative is likely to be unconstitutional. With such assessments, their balance also looks very good.

It is important to ensure that the system for virtual networking of initially 56 Databases from the federal and state governments, including vehicle and residents’ registers, could not be misused “with the stroke of a pen for autocratic endeavors”, added Kirsten Bock from the Independent State Center for Data Protection Schleswig-Holstein (ULD). You miss a data protection impact assessment in the project. The planned data cockpit is not suitable “to balance the power asymmetry”. The associated transparency about access is weak: only log data is set as long as it is required. The data protectionists therefore promoted the alternative approach of area-specific personal identification numbers.

“Austria Plus Model” In Austria this would be cryptographically derived from a secret master number and transmitted in encrypted form to the requesting offices. In this way, no conclusions can be drawn about the person behind it. The procedure there cannot be transferred one-to-one, Bock reported. The structure here is ultimately even “significantly more beneficial and simpler”.

Saarbrücken-based legal IT specialist Christoph Sorge pleaded for an “Austria Plus model” based on a recently submitted report. The switching centers that are required in this country with the 4-corner mechanism could simply be further developed by “translating” the area-specific numbers. This is in the existing register structure, which is more decentralized than in the Alpine republic, and at the same time does not lead to new risks, since no additional master data is stored by intermediaries and this is difficult to circumvent.

Too many data points saved Just the Austrian Peter Parycek, who is also a legal IT specialist and heads the Public IT Competence Center at the Fraunhofer Focus Institute, did not think so. The complex procedure in his home country has little impact, as the states and municipalities hardly cooperate with it. At most, the fully automatic census that this makes possible is a success story. In addition, there is currently no working solution for area-specific numbers in a decentralized case, such as should be retained in Germany. The complexity increases with every element that is added. There is a “high risk that the project will fail and the data protection transparency cannot be adhered to” against this “absolute horror”. In the economy this is partly already real. Preventing a personal number therefore has “no longer any protective effect”. “Too many data points” are already being saved about the citizens. Anyone who has access to it can use a big data analysis “far beyond 60 to 70 Achieve percent coverage “and create profiles. It is therefore crucial to avoid access points and to divide the state into areas via 4 corners.

Over-Engineering “The personality profile is the godfather of data protection law”, was the Passau constitutional lawyer Kai von Lewinski did not escape it. The main problem here is the “grown modern welfare and surveillance state”. The draft, on the other hand, does not focus so much on the citizen number, but rather on maintaining and connecting the decentralized register landscape. He assumed “German Over-Engineering” to the model presented by Sorge, which “always increases the attack surface”. The risk of constitutional failure is also “very well limited” in the government project, since the master data remains in individual databases.

The 4-corner system, supplemented by area-specific numbers, is deliberately based on the one outlined in the draft Structure on, worry held against it. The storage effort for the required table is in the order of magnitude of a reasonably modern cell phone, a prototype could be programmed in an afternoon.

Decentralized storage The numerous concerns raised made the unconstitutionality of the government initiative “not necessarily appear”, said Eike Richter from the University of the Police Academy in Hamburg. The legislature itself must adequately assess the situation, but in any case still have to introduce additional security mechanisms. It is advisable, for example, to determine the state areas for a permissible exchange of data and to limit transfers and the selection of the registered registers. Currently, for example, the Federal Bar Association is not involved in administrative proceedings at all.

The law should also be evaluated and limited in time. Building on the tax ID is “by no means mandatory, but justifiable,” said Ariane Berger from the German District Association. However, she also saw measures to safeguard freedom as indispensable in order to contain abuse. Above all, the specialist data would have to be kept decentralized.

(kbe)