Future Tense

The Problem With Europe’s Strict Privacy Laws

Picture taken on March 23, 2010 shows defendant Heinrich Boere sitting at court in Aachen, western Germany. A German court on February 9, 2012 acquitted two Dutch journalists accused of secretly filming an interview with the 90-year-old former SS assassin on charges of breaching German privacy laws, an official said.

Photo by OLIVER BERG/AFP/Getty Images

An elderly German man recently invoked an EU privacy law to file a complaint against two Dutch reporters for secretly videotaping an interview with him at his nursing home. A German prosecutor acted on the complaint and brought the reporters to trial, seeking to impose lengthy prison terms on them.

On the surface, this may seem the right result. The law against secret videotaping is clear, and the reporters took advantage of an infirmed old man. But, as if often the case, there is more to the story.

The complainant, Heinrich Boere, knows a little something about the dangers of invading people’s privacy. During World War II, he served as an SS commando and took advantage of the Nazis’ sophisticated databases to track down and kill suspected Dutch resistance members and supporters.

Boere used a shield of privacy and anonymity for more than five decades to avoid detection and prosecution. But in 2008, a vigilant German prosecutor filed an indictment against Boere and in 2010, he was convicted. He is living out his last days in the hospital ward of a German prison.

It was in the nursing home interview that Boere acknowledged his role as a Nazi hit man, an admission he would later try to deny but for the videotape. He said he “was just following orders.”

The criminal invasion-of-privacy case against the reporters put into sharp focus the automatic and inflexible application of privacy law in circumstances where flexibility and discretion appear to be called for. Press freedom groups around Europe protested the prosecutor’s zeal against the reporters. They argued that secret-taping laws exist in many places in Europe (as they do in various U.S. jurisdictions), but that if ever there were a case for prosecutorial discretion and refraining from putting reporters on trial, this was it. The confession the reporters extracted was very much in the public interest and helped bring to justice a Nazi war criminal. Moreover, the reporters were threatened with more time in jail for their privacy transgressions than Boere may serve for murdering innocent people, given his age.

Fortunately, the presiding judge at the criminal trial of the reporters agreed. He weighed the importance of their journalistic work against Boere’s privacy rights and acquitted the reporters in February.

An irony of the case against the reporters is that the roots of the strict European approach to privacy come from the Nazi era. During the Holocaust, Nazis like Heinrich Boere used their access to information about people as an integral part of their killing machine. Files with personal details allowed the Nazis to track down, inventory, and “process” the millions who were killed. That grotesque misuse of personal data underpins the strict EU privacy laws. There are limits on what personal information can be collected; for what purpose it can be used; and how long it can be retained. Individuals are empowered with control over information about them. Anonymous informants, even whistleblowers enforcing corporate integrity, are frowned upon.

And the European Commission has released a proposal to make the EU privacy rules even stricter, with serious financial penalties for companies that violate the rules. The proposed privacy regulation contains a “right to be forgotten” that Heinrich Boere might have appreciated.

Last month, professor Jeffrey Rosen recently has written in the Stanford Law Review online and in the New Republic that there is a serious concern about free expression raised by the potential application of the “right to be forgotten,” since it could be applied broadly, even to truthful information posted about people by other people. Online services could be required to honor takedown requests simply because it is “any information relating” to a person. Rosen explains that social networking sites and search engines would have the burden to prove that the challenged information falls within a journalistic, artistic, or literary exception permitting it to be published. “This could transform Google, Yahoo, and other hosts of third party content into censors-in-chief for the European Union, rather than neutral platforms,” Rosen writes. And he is right to be concerned.

As the proposed EU regulation that includes the “right to be forgotten” is considered, policymakers in Europe will be grappling with the balance between privacy and free expression, privacy and innovation, privacy and law enforcement access to data, and many other areas where the right of the individual and the rights of others can clash. In a digital world that doesn’t easily stop at country borders, decisions EU policymakers take to balance these competing rights will be have global implications and will affect the laws governing the values of civil society for generations.

Unlike the decision to prosecute the Dutch reporters for privacy violations in the Boere case, the proposals for a new EU privacy regulation are open to public discussion and input. The issues that will be discussed will not be as compelling as those involved with reporters unmasking a Nazi war criminal’s deeds, but the Boere incident serves as a reminder that privacy rights must be weighed against other rights, and that inflexible rules can lead to unintended and unjust results.