Data privacy regulations in the European Union (EU) are among the strictest in the world, and among all European member states, Germany has one of the strongest policies: the Federal Data Protection Act (Bundesdatenschutzgesetz). This law protects users of Internet services. It puts the user in charge of what should be done with their data: Companies (=we) are not allowed to collect any personal information without express permission from an individual (=you), (i.e. name, date of birth, IP address). In Germany there is no law that could force us to submit to a gag order or to implement a backdoor.
Surveillance around the world is growing
Recently, politicians around the world want to increase online surveillance by claiming that surveillance would protect us from terrorist attacks. While it is proven that more surveillance does not lead to more security, this is an important issue we as a secure email service need to monitor closely. For instance, many European countries now have data retention laws. In France and in the UK companies need to store their user's data for a minimum of 12 months, and Swiss email providers need to store their users' data for a minimum of six months.
Only recently, also Germany introduced a data retention law that forces companies to store data for ten weeks. Fortunately, the German law does not affect Tutanota because email is explicitly excluded from the German data retention law. In addition, we are convinced that the law is against the German constitution. German Internet activists are already working on a constitutional complaint. They are fighting for the current law being declared unconstitutional - just like a previous German data retention law that was declared unconstitutional in 2010.
Germany wants to become encryption site number one
All in all, Germany is more pro-privacy than most countries. While many politicians around the world try to ban encryption, Germany wants to become the encryption site number one. The German government declares in their 'Digital Agenda' that they want to foster the accessibility of secure and easy-to-use encryption solutions to protect their citizens' communication. On page 31 of the Agenda it says (translated from German): "We want to become the top one location for encryption in the world. For this, the encryption of private communication to many should become a standard."
Germany has a very good reason to protect its Internet users and their privacy. Only 25 years ago, Germany was re-united. Before that, the German Democratic Republic (East Germany) was a prime example of a surveillance state - with all its negative consequences. In Germany we have learned our lesson, and we will fight for our privacy online on all ends.