Big Data And The German Dilemma

Reflections from the 10th Safer Internet Day Conference in Berlin, February 5th 2013

Earlier this month, I had the pleasure of speaking at the Safer Internet Day Conference in Berlin, organized by the Federal Ministry of Consumer Protection, Food and Agriculture and BITKOM, the German Association for Information Technology, Telecommunication and New Media. The conference title, ‘Big Data – Gold Mine or Dynamite?’ set the scene; after my little introductory speech on what big data really means and why this is a relevant topic for all of us (industry, consumers, and government), the follow-up presentations pretty much focused either on the ‘gold mine’ or the ‘dynamite’ aspect. To come straight to the point: I was very surprised, if not slightly shocked at how deep a gap became visible between the industry on the one side and the government (mainly the data protection authorities) on the other side.

While industry representatives, spearheaded by the BITKOM president Prof. Dieter Kempf and speakers from IBM, IMS Health, SAS, and others, highlighted interesting showcases and future opportunities for big data, Peter Schaar, the Federal Commissioner for Data Protection, seemed to be on a crusade to protect ‘innocent citizens’ from the ‘baddies’ in the industry.

One could of course argue that this perspective is an inherent part of a data protection job, but I doubt if this is what citizens and consumers really want. Yes, I’m an industry analyst but I’m also a citizen and a consumer at the same time. I personally would very much welcome a clear data protection framework that allows our economy to grow and companies to offer all the great enhanced new products and services that become possible with big data technology – while at the same time shielding my privacy. Current regulations in Germany don't seem to provide this balance, don’t provide the necessary clarity, or simply don’t exist. Yes, there will always be some black sheep in a competitive economy, but we should not penalize everyone because of a few exceptions.

Missing regulations are worse than strict regulations. Companies need to have a framework that offers the confidence for investments – even more so in Germany where companies tend to be more conservative and risk-averse. Without a clear framework for big data scenarios (Who can do what with what data? Which use-case scenarios require the data owner [customer] to actively opt in or opt out?), the German economy will get stuck in a serious competitive disadvantage.

The solution is not to try and push this missing data regulation back to the technology: During the panel discussion, Peter Schaar suggested, for example, that smart meters in future should be so smart that they can handle any possible data scenario and that customers would be able configure this super-smart meter at home (e.g., what data to forward to whom under which circumstances). With all due respect to the vision of our Commissioner for Data Protection, I do not believe that customers really want to program a super-smart meter at home or pay a higher energy bill because of such devices. Technology can't solve the problem of missing data regulation. Government needs to accelerate the effort to create a framework in which technology can be used appropriately.

We need to decide what big data stands for in Germany: ‘big opportunity’ or ‘big angst’? It is in our hands to shape the future.

What do you think of big data – do you see it mainly as an opportunity or a threat?

Please leave a comment or contact me directly.

Best regards,



The Anti-Incubator

Hi Holger,

very interesting read. I was in a very similar situation when joining the roundtables on Cloud Computing at the BMWi (Secretary of Commerce) 2 years ago and found myself in what was the birthplace of ideas like the "German Cloud".

Today, most IT-professionals would that limiting technology to national borders is somewhat difficult, if not impossible.

With the latest debate on Big Data it's getting interesting though: we no longer are talking about where data is to be stored, what encryptions the servers should have etc. - it all is about unlocking the value of data that is already there. I very much agree with you: the consumer just likes to have a better customer experience, not a smarter meter hanging on their walls metering consumptions. It's a typical manufacturer's view on a genuine consumer topics. It fades out the consumer :-)

Publicly available big data can deliver what companies could potentially also do otherwise, but with a price tag, that's hard to justify: which company could hold a focus group every day? who could afford to engage agencies to survey their customer about every aspect of their product? and who could provide all that in a non-influential, 100% natural setting of consumers expressing themselves without being surveyed? That's the beauty of Big Data. Separating signal from noise. As Clay Shirkey says: it's not information overload, it's filter failure. And if the use of filters is what terrifies the data protection authorities more than the information overload and the preference is to keep the character of massive data as "useless" then we have a clear competitive disadvantage in the German market versus competition.

See you soon,

Re: The Anti-Incubator

Hi Mani,
thanks for your comment. Yes, the discussion has alot in common with the cloud discussion that started few years ago - and for the similar reasons. To stay in your picture: consumers like to have fresh coffee in all it's variations and the industry can build wonderful coffee machines. Unfortunately data protection authorities don't allow the usage of appropriate filters or ban filters at all - and that's the muck we get to drink.
Thanks, Holger

Welcome to the Facebook-festival

Hi Holger,
welcome to our German Facebook-Festival conducted by our fundamentalists. Yes you found it right with Big Data, but we play in other areas, too. More examples?

- we signed the European Service Directive, but boycotted its execution. Article 8 guarantees every European service provider to do their paperwork online. Not so in Germany: you will have to engage qualified signatures, which you cannot get outside of Germany. Catch22, but professionally managed isolation.

- tomorrow we will discuss an E-government law in parliament. Public Administration is to get hided behind a wall of De-Mail. A special, proprietary, national, closed E-Mail-System, which cannot be connected to Exchange or Lotus Notes for legal purposes.

- two weeks ago the federal Open Data portal was closed to GovData. Germany is not part of the Open Government Partnership.

- two years ago, we could observe that large public administrations brought their E-Mail into the clouds of Google or Microsoft. Not so in Germany. We decided that cloudcomputing is untrustworthy and set up an research program for five years and 25 mio € "Trusted cloud" aso that in some years from now Germans cna use this Gobvenrment sponsored special German high level of cloud computing. May it will be called "The Bunker" or "The Trutzburg" (google for Trutzburg and e-government ;-)

- for smart meters there is no business case for families, but we hate to discuss economics. We love to discuss fundamentalism. Like Schaar does.

You have to note, that only in the English speaking countries risk has two sides: opportunities and threads. We have only threads.

Actually our thread managers are heavilly engaged in the Facebook-Festival: traditional data protection themes our boring: SWIFT, PNR, Schily-packages, illegal trojans from the police, all the old stuff: no problem, and if it pops up, then our data protection officers declare it as top secret.

But if there is any opportunity of bashing Google or Facebook you will see Schaar, Weichert; Albrecht at once to use every medium: Internet, TV, press: Facebook-Festival.

They do not want to discuss whether the citizens want Facebook to gather your data for allocation of proper ads, so that the services is out of cost for the user. They want to discuss that every IP-packet is private and every router has to send you an written declaration that it will not cover up the privacy of every IP-packet.

As long as you talk of US provider of any service they will tell you that the world will end next days if you don't stop to use it. This is hard coded in the generation of 1950th and 1960th with chances to be inherited.

So Big Data is in Germany actually a synonym for Big Problem/Big Evil. Economic performance or intellectual brilliance or benefits for the citizins is no reason to stop for our fundamentalist. Publically financed escape from the reality.

WWI World Wide Isolation

Re: Welcome to the Facebook-festival

Hi Wolfgang,
thanks for your comment. Wow, that's a lot of interesting examples showing that the problems goes much deeper than slow progressing data regulations. But there is hope - I'm a 60th baby-boomer too and think I have overcome my hard coded big data aversion over time.
Best regards, Holger

A basic misunderstanding

Hello Holger,

I was pleased to read your article.

I have a different view and I would like to try to explain. However, english isn't native for me, so please excuse wrong terms or stupid typing errors.

People are not subject to the business; they are living in this world. A view directly from business perspective allows the alaysis of people privacy due to the business need. Without any doubt. It's logical, it's business.

However, the opposite view is based on the fact, that human being is higher ranked, more important and much more worth than any billion of dollars business can make out of it.

To get me right - I'm security expert (maybe) and I'm in the business. I totally understand the business view of these topics, but I doubt there was any serious try ever to understand the other side.

To me it's not about blocking any kind of business usage of data. It about the data owner.

To give a real life example.
You own your phone number. When you handle this phone number to me, you can trust me, I know, that's still your number. Now a friend of us is calling me asking for your number. My answer will be "Sorry, it's not my number, I can't give it to you. But I can call Holger to let him know he wants to contact you, or ask him for permission to provide his number."

You believe this example is extreme? Maybe it is. People deal with their privacy on different layers. But I believe we have to respect all of these positions and not overrule people and human intrests by business need.

If business believes there is a human interest in a particular product or service - well:

Let the authority of data within the user and you can see how much information they really want to share. The standard "terms and conditions" used these days, are a totally unacceptable way as they do not clearly mention what a company is truely doing with individual information.

As consumer you have to buy an all-or-nothing package. You can't say: I allow this company to process my data, but I don't allow them to handle my phone or my ID to any or a particular 3rd party. Or I'm fine for statistic usage, but not for advertisment.

Providing information to a company leads to a loose of control. And this is a different story in the digital world, compared to what we do offline. For sure you know much better than I do how many detailed user information are out there.

All these common business terms might be totally inline with any (US) legal requirements, but the law history and basics are seriously different between Germany and the States. We have to learn from each other.
Unfortunatelly I doubt this will happen.

The key reason is based on the view both parties have about each other - hardliners.

And, sorry to say, looks like I'm a fundamentalist or hardliner fighting for data privacy. This will restict some business models and may make other models impossible.

Or - by using more money for the business delivery - there are solutions which might be inline with my data owner view.

Thanks for allowing my 2 cents here,


Re: A basic misunderstanding

Hi Oliver,
thanks for your comment, very much appreciated! I do not think that we really deviate a lot in our view - I very much believe that appropriate data protection is absolutely needed in our world of in exploding data and data analysis technologies. The problem is the fundamentalists and hardliners on both sides that block any aligned way forward. In the interest of both, consumers and industry we need to find an appropriate balance to allow economic growth and innovation in a world of empowered consumers. Alas, it looks like we are currently far away from any balance.
Best regards, Holger

The pressure will come from "values driven consumers"

Thanks Holger for sharing your viewpoint and I fully agree, it is the same in France. The government was very proud to propose that the chip makers (sensors or RFID tags) include a off capability which does not solve the issue for those consumers benefiting from the service offered thanks to these sensors.
There is a phenomena which is appearing currently in line with social consumption. The consumers will use the same technologies (big data, cloud, social tech) to battle against companies which will get a bad behaviours. I am calling these "activist social computing". These are like,, goodguide, mesgouts, noteo, shopwise and I am sure there are others all around the world. These ASCs are grouping consumers around "values". Very well known Hard ASC are wikipedia and anonymous because they are using non legal means for activism and not every one will join them. But some others are soft activists social computing and millions of consumers are joining thm actually and getting the first successes. I am currently delivering 2 presentations per month for different audiences to explain that movement and why we should care, score and protect these ASCs. They will protect us better than any government if we care of them.

Obligatory registration (Meldebescheinigung) is Opt-In from Govt

Hi, Oliver.
Just couldn't keep mouth closed after reading your pledoyer to privacy in Bundesrepublik. The most dramatic violation of my privacy starts at the government level!!! Not sure how it's called in English, but in Germany one has to register his address of residence - and it is OBLIGATORY. Without certification of the registration (called Meldebescheinigung in DE and Meldezettel in Austria) one is not capable to open a bank account, to arrange a mobile contract, etc. I am moving the 3rd time since I arrived to Germany some 2 years ago - and guess what: as soon as I register myself I immediately start receiving local spam in my postbox, my name gets posted at ortsdienst, people123, etc.. Did anyone ask me whether I am happy the data is getting published?! No single time! And it was only by chance I came across the info - thanx to google;) - on how I can explicitly prohibit doing this by signing some additional paper and sending by post to local Rathaus.
Is that Okay?! What about Schufa security (credit scoring agency that provides my data upon request to third parties)? If one is talking about privacy, than this should also be stopped, or is it only private capital that is not allowed to profit from using my personal data?