Privacy & Cybersecurity Law Blog

On March 1, 2013, the German Federal Council (Bundesrat) passed a new registration law after insisting on a number of important amendments (in German). Among other issues covered in the bill, the new law regulates how businesses can obtain the registered addresses of individuals in Germany from Germany’s public authorities (“official address data”) and use that information for commercial purposes.

The law allows businesses to obtain official address data from the government to use for commercial purposes only if the relevant individual has provided:

• general consent to the relevant public authority; or
• specific consent to the business requesting the official address data from the public authority.

To ensure compliance with the specific consent requirement, Germany’s public authorities will conduct spot checks of businesses that use official address data. Businesses may be subject to fines if it is determined that they requested official address data without first obtaining the relevant individual’s consent.

The original version of the law was controversial because last-minute changes made by the German Federal Diet (Bundestag) would have allowed businesses to use official address data for commercial purposes without the prior consent of the affected individual, effectively creating an opt-out (rather than opt-in) framework. The German Federal Council, whose agreement was required to pass the law, insisted on the opt-in provision described above. It also added additional restrictions on the use of official address data for other purposes.

The new registration law still must be signed by the German President to become formal law. The expected effective date for the law is May 1, 2015.