Blog Post

What German startups really think of web privacy rules

Stay on Top of Enterprise Technology Trends

Get updates impacting your industry from our GigaOm Research Community
Join the Community!

The U.S. and European Union have very different levels of data protection and online privacy rules, something that significantly warps the market when it comes to online services.

Companies on one side of the Atlantic that want to serve customers on the other have to comply with at least two sets of rules –- and in Europe, each country gets to interpret the federal law its own way, leading to even more headaches. Ultimately, what’s legal in America may not be legal in France or Austria.

Both the U.S. and EU are currently revising their regulations, and the last couple of months have even seen a tentative plan develop to create some harmony between them. That flirtation gained a loose formality on Monday, when a joint statement talked about “a defining moment for global personal data protection and privacy policy.”

It’s a dry read, but fun if you enjoy weighing up nuance. It’s not talking about eliminating all regulatory differences, but what it does say very clearly is that the U.S. and EU want to “increase interoperability in privacy laws and regulations, and to enhance enforcement cooperation”, and that there should be international “standards in the area of personal data protection.”

But of all the countries in Europe, none interprets EU data protection law more literally and rigidly than Germany — just ask Facebook or Google. So I thought it would be useful to see how local startups view the idea of the U.S. and EU’s data protection and privacy laws being more in tune.

Here’s what they said:

Steffen Kiedel, CFO, 6wunderkinder (producer of Wunderlist and Wunderkit task-management apps)
In terms of international competition, the German and European regulations really slow things down. We can’t use servers in the U.S. or other data services without having extra policies. Harmonization would allow us to be more competitive worldwide and bring our products to market easier.

Edial Dekker, CEO, Gidsy (experience-finding service)
[The EU’s data protection regime] is a really difficult topic and sometimes hurts companies. For example, there are many interesting analytics tools that we cannot use fully due to this (like Mixpanel). But the good thing is that what [complies] in Germany, probably also works in the entire rest of the world. If you can make it work here, you can do it anywhere.

Philipp Strube, CEO, cloudControl (platform-as-a-service provider)
It’s a common complaint that the less restrictive U.S. data security laws are a significant advantage for U.S. startups. Playing by the EU data security laws is like showing up to the grand prix with a race car missing one wheel. At least harmonization should let everyone show up with three wheeled cars. While of course not the only reason, one shouldn’t underestimate the effect stricter data security laws certainly have on the fact that Europe hasn’t produced a true global web leader yet.

Ezeep co-founder Sascha KellertSascha Kellert, CEO, Ezeep (cloud printing service)
Irrespective of the quality of the current proposals, we believe it will most likely level the playing field a little as EU regulatory burdens would act as a barrier to entry for U.S. players. It is too early to tell if a revised EU-U.S. approach to privacy will have a positive effect on the competitiveness of EU-based internet businesses. At this stage it appears to be more of a tool to streamline operations [for] regulators as opposed to being truly motivated by market and consumer needs. (mobile radio app)
Companies capitalize a little too much on people’s private information, I do think this needs to be addressed. We’d like to think a level playing field might help us, as Europe has taken the lead in a lot of these privacy issues. If the U.S. follows, it will serve to make things a little more cooperative and well-rounded for companies around the world.

7 Responses to “What German startups really think of web privacy rules”

  1. Sievering

    Frankly im glad atleast one country in this world puts the privacy of individuals and their rights before the corporate data mining greed large internet firms feed off. In the end the discussion comes down to whose rights are greater a citizen or a corporation feeding of his personal information, im glad that in Germany the citizen wins every time.

  2. There are ways to protect your internet privacy. You can prevent ISP’s from spying on your traffic by using an encrypted tunnel such as

    Most proxies available are SSL based and as such are prone to trusted man in the middle attacks. Hush Tunnel is different. Hush Tunnel uses SSH technology and the Diffie-Hellman key exchange, an anonymous key-agreement protocol, that provides perfect forward secrecy, without a middle man and without vulnerabilities that expose your traffic.

  3. Countries have the privacy laws they deserve. I’ve never met a more paranoid folk in terms of privacy protection than the Germans. One example: The % of users that go by a fake name is several times higher among my German friends than among my friends from other countries. The answer I usually get about their paranoia towards the use of their personal data online is that the eastern part of the country lived for 40 years under a regime that used its access to personal information against their citizens. Sounds plausible, but it’s definitively playing against the international competitiveness of the German internet industry.

  4. Maybe we German Startups are just aware, that we have to live with the German standards. So we have two choices: make do with German law or just leave the country and start somewhere else.

    We can wish for the EU governments to not make things so hard for us – its not going to happen. So we will go on spending money on lawyers and make do with the disadvantage.

    This disadvantage is not only about laws. This ongoing discussion also makes people really afraid of internet-services.

  5. Christian

    From a competetive perspective Euro startups can be happy about tighter rules over here as it allows them to flourish and build their business while US startups cannot pave their way into Europe easily. Think about it a bit like China whith its massive amount of regulation which is the primary reason for the existence of large Chinese internet players.

  6. Tac Anderson

    It’s interesting that all the German startups envision a level playing field meaning tighter regulations for US companies and not less restrictive regulations for EU companies.

    • David Meyer

      That’s definitely the impression I got from the companies too, and perhaps not unreasonably so. For a start, I can’t see the EU abandoning its reforms as proposed, which would tighten the rules even further. And the phrasing of the US pronouncements on the matter do seem to indicate an element of ‘catching up’ with the EU approach.