Data Privacy Protection: Why Tutanota Is in Germany.

Obviously, Tutanota is located in Germany because it is being built by German engineers. While in theory we could move our servers to any place in the world, we deliberately decided to place them in Germany. Here is why.

Data privacy regulations in the European Union (EU) are among the strictest in the world, and among all European member states, Germany has one of the strongest policies: the Federal Data Protection Act (Bundesdatenschutzgesetz). This law protects users of Internet services. It puts the user in charge of what should be done with their data: Companies (=we) are not allowed to collect any personal information without express permission from an individual (=you), (i.e. name, date of birth, IP address). In Germany there is no law that could force us to submit to a gag order or to implement an encryption backdoor.

Read also the regularly updated article on how German legislation protects your data in Tutanota: Fighting for privacy: How encryption & data protection laws safeguard your emails.

Surveillance around the world is growing

Recently, politicians around the world want to increase online surveillance by claiming that surveillance would protect us from terrorist attacks. While it is proven that more surveillance does not lead to more security, this is an important issue we as a secure email service need to monitor closely. For instance, many European countries now have data retention laws. In France and in the UK companies need to store their user's data for a minimum of 12 months, and Swiss email providers need to store their users' data for a minimum of six months.

Only recently, also Germany introduced a data retention law that forces companies to store data for ten weeks. Fortunately, the German law does not affect Tutanota because email is explicitly excluded from the German data retention law. In addition, we are convinced that the law is against the German constitution. German Internet activists are already working on a constitutional complaint. They are fighting for the current law being declared unconstitutional - just like a previous German data retention law that was declared unconstitutional in 2010.

Germany wants to become encryption site number one

All in all, Germany is more pro-privacy than most countries. While many politicians around the world try to ban encryption, Germany wants to become the encryption site number one. The German government declares in their 'Digital Agenda' that they want to foster the accessibility of secure and easy-to-use encryption solutions to protect their citizens' communication. On page 31 of the Agenda it says (translated from German): "We want to become the top one location for encryption in the world. For this, the encryption of private communication to many should become a standard."

Germany has a very good reason to protect its Internet users and their privacy. Only 25 years ago, Germany was re-united. Before that, the German Democratic Republic (East Germany) was a prime example of a surveillance state - with all its negative consequences. In Germany we have learned our lesson, and we will fight for our privacy online.

No comments available