Sabine Leutheusser-Schnarrenberger is one of Germany’s most prominent advocates of human and civil rights. As a member of Germany’s liberals, she served as Federal Minister of Justice in the cabinet of Kohl from 1992 to 1996 and Merkel until 2013. She is known for backing up her rhetoric with action: in 1996 she resigned in objection to a planned acoustic observation program; and in 2013, she refused to sign an agreement to extradite Edward Snowden to the US should he set foot on German ground. “I stand with this decision”, she asserts. “Surely, also according to German legislation, Mr Snowden would have committed a felony by disclosing state secrets and has to expect a penalty. In the US however, he is going to expect a life-long sentence in prison. According to my understanding of the law this decision would be disproportional, since it does not counterweight the fact that he has called attention to serious maladministration. Mr Snowden is just one of many whistle-blowers to come, and definite legal regulations for similar future cases needs to be developed as soon as possible.”

Leutheusser-Schnarrenberger tirelessly strives for the protection of civil rights in the digital sphere. “In times of global streams of data, it is hard to think of single national models in order to protect individual privacy”. The most efficient solution, Leutheusser-Schnarrenberger argues, is a European one, which is still a distant prospect. “When the European Court of Justice tried to find a common legal ground concerning data retention, countries like the UK refused to adopt their national standards. Some international partners are very curious about their neighbours. We know as a fact, that US intelligence constantly attempts to secretly gain access to the major national data streams in Germany. Surely, this goes without any legal justification but national protection laws are nevertheless toothless.” Still, according to Leutheusser-Schnarrenberger, the case of inter-governmental data security isn’t lost and other opportunities of enforcing the protection of privacy could be explored.

“One option could be, for example, to make the TTIP negotiations subject to transatlantic reforms. Europe is well advised to reconsider its bargaining power. Some terms which are important to Washington could be attached to the implementation of facilities, which protect citizen’s data from espionage.”

The interaction between national intelligence and private companies further complicates the picture about transnational data security. “Today’s most influential data mining companies, like Facebook, Apple, Google, Amazon, or Twitter are based in the United States. At the same time, US legislation quite easily allows governmental agencies, such as the NSA, to monitor and access customer data on American ground. For a long time, Google has even granted the US government access to their data pool, by mutual agreement.” More interestingly, quite in contrast to the public debate, not all of intelligence agencies’ work is targeted at preventing terrorism. “Industrial espionage plays a sizeable role, too. I like to remember the case of SWIFT, a financial telecommunication company, which has resettled its headquarter from the US to Europe when it became clear that the NSA could easily and without violation of national laws access sensible company and customer data.”

Luckily, with an increasing customer awareness, the tone of the debate has begun to change. “Companies like Google fear a damage of their image and data protection has become a part of the company policy. Likewise, the German Federal Constitutional Court has decided that all servers, containing sensitive information of German citizens, need to be situated in Germany.” But Leutheusser-Schnarrenberger is worried that governments still do not take the necessary measures in order to protect their citizen’s digital privacy.

 “There will always be conflicts of interest, as long as governments rely on the service of private companies. It is upon the governments to take the protection of their citizen’s data seriously and implement their own and secure data highways. From a technological point of view, secure data transmission is possible, but apparently too expensive for most governments. Still today, Germany has not managed to implement end-to-end encryption.”

Some officials claim that there is no need for further governmental protection of citizen data, since everyone should be aware of the risks that come with living in the digital world. For Leutheusser-Schnarrenberger, this is a spurious claim. “The digital world must not become a legal vacuum. Advising citizens and customers to shut down their Facebook and Instagram profiles and ultimately detach from digitalization is anything but a sensible and satisfying solution. It is the government’s duty to protect digital customer privacy.”

One example in which legal protection was able to catch up with the steadily changing digital world, is the right to be forgotten. Yet still, the internet giant Google tries to avoid compliance. “When I talk to high-ranked Google officials, I am bombarded with altruism. They claim just to act with best interest for the customer, and the more information they have gathered, the better they can target their customers’ needs. However, customer satisfaction cannot be established at the cost of civil rights.”