I just published my fourth legal book,
, but unlike my previous books, this one was not heavy on privacy law. In fact, I wrote this book in part to take a break from writing about privacy. For the most part, I succeeded, as it covers the 52 major global legal issues arising from this most wide-ranging of conflicts. But like the draw of a tiny magnet on your keychain, I felt this small but persistent tugging. So after months of historical legal authoring about everything except privacy, I finally found a place in which to capitulate and write about privacy as it related to World War II. During the war, there were vast intrusions in the privacy of citizens of belligerent countries, typically under the guise of national security. But in certain situations, these intrusions went far beyond the needs to protect the respective nations against espionage and other such acts. The most well-known example was the invasion of the privacy of the citizens and residents of Nazi Germany, used to identify those who were members of disfavored groups—racial, political or otherwise.


In following this trail into the post-war efforts of the Federal Republic of Germany to pass laws to ensure such significant intrusions into its citizens’ privacy were legally prohibited, I came across the German national and state laws and cases dealing with privacy. In one case, the German Constitutional Court case set the boundaries for later post-war data privacy safeguards for the country and consequently Europe and all those countries subsequently affected by exporting of European privacy law principles—or data—around the world. Not having the space within a global survey of World War II legal issues to discuss this case at length, I determined to later come back and write an article about it. While perhaps well-known within Germany, this rather bland-sounding case seemed seminal enough to be worth a retelling for all of those unfamiliar with this particular part of European privacy history.


In 1982, the German federal government had passed a law calling for a census to collect statistical information on citizens to take place in the following year. This law, called simply the Population Census Act (
Volkszählungs
gesetz
) or more fully, the Law on a Population Census, Occupation Census, Housing Census and Workplace Census (Gesetz über eine Volkszählung, Berufszählung, Wohnungszählung und Arbeitsstättenzählung), proposed to conduct a census and transfer the data for other uses. The first four sections described the information to be collected, which included, for example, name, address, telephone number, gender, birthdate, marital status, religious affiliation, nationality, use of home, source of subsistence, employment type, employer, education and method of commuting. Other information was to be collected from businesses and on dwellings.


There was a strong citizen reaction to this law given both the large number of questions asked—more than 150—and that the information was not only to be used for statistical purposes but to update local resident registers. At this time, following on from the world’s first data protection law in the German state of Hesse (Hessisches Datenschutzgesetz) in 1970, the federal government had enacted a national data protection law (Bundesdatenschutzgesetz) in 1977.  In addition to the lingering memories of the uses that census and other official records had been put to during the time of National Socialism, the use of large-scale data processing was emerging with potentially unlimited ways to utilize the information collected on individuals.


This all led to a case eventually reaching the German Constitutional Court. Called the Population Census Case (Volkszählungsurteil), the decision of the court created a series of procedural safeguards still central to data protection laws, as discussed below. It did find most of the population census and many of the provisions of the law to be constitutional, assuming use of these safeguards. It also prohibited the transfer of the data from the national to local governments for the purposes of updating the resident registers and other secondary uses beyond the scope of the statistical purpose of collection. And it created the right of informational self-determination, a key cornerstone of continental data protection laws.


The court noted that the Basic Law (Grundgesetz) contained provisions for human dignity and the right of personal liberty, in Article 1 paragraph 1 and Article 2 paragraph 1, respectively. From these two principles comes the right to freely develop one’s personality. To develop one’s personality, a person needs to be able to participate in society by disclosing only such information as they wish and to whom they wish. This implies a right of informational self-determination. Without this right to determine which of her/his personal information is disclosed, the individual gives up some of their right to freely develop their personality, as they are uncertain what processing is being done on their personal information. If a person does not know what information about them is being recorded; e.g., attending a meeting or working on a citizens’ initiative, or otherwise processed, to keep control of their information they may withdraw from the public actions and debates necessary for a democratic society.


The court stated that in the age of data processing, the free development of personality requires protection against the unlimited collection, storage, use and disclosure of personal information. The court also noted that the right of the individual to protection of her/his personal information was not unlimited and could be disclosed under an overriding public interest. This interest must be statutory, where the legislature has observed the principles of proportionality and clarity and implements organizational and procedural safeguards that protect privacy of this personal information. There can be differences in the safeguards for non-anonymized personal data and that which is used only for statistical purposes. The stated purposes for data collected only for statistical data do not need to be as clearly defined.


Within this decision, in addition to the principles of proportionality and clarity mentioned above, and the obvious need for confidentiality and anonymity for statistical data, the requirements for legal purpose-specific collection were enunciated, as well as accuracy of information, the ability to access and revise it, timeliness, limits on retention of personal data, collecting the minimal amount of data required and the independence of data protection officers. The unconstitutionality of one level of government passing the data to another dictated a requirement for organizational and procedural safeguards and discrete legal foundations for these disparate data processing entities. These principles became part of the revised national data protection statute in 1990 and eventually made their way into the 1995 regional data protection directive. The German national census planned for 1983 was not cancelled but rescheduled and carried out in 1987 under a revised statute, which was also challenged but found constitutional.