Skip to content
Master Your FinancesMaster Your Financial FutureMaster Your MoneyShopping

Germany's Controversial AI Surveillance Laws Spark Mass Privacy Backlash

Unprecedented AI surveillance powers could soon be in Germany's hands. Privacy advocates and legal experts are racing to stop what they call a dangerous overreach.

 and  Administrator
4 min read
The image shows a group of police officers standing in front of a large building with windows,...
The image shows a group of police officers standing in front of a large building with windows, pillars and arches. There are vehicles on the road and a person holding a camera on the left side of the image. In the background, there are trees, traffic signals with poles, flags with poles and a clear blue sky. This image is likely related to the recent news that the German government has announced that the EU will not be allowed to enter the country.

In Brief

  • New draft laws would allow German security agencies to use AI-powered tools such as automated biometric matching with internet data and cross-procedural data analysis.
  • Authorities like the Federal Criminal Police Office (BKA) could then cross-reference biometric data for criminal investigations and consolidate information from various police systems using specialized software.
  • AlgorithmWatch criticizes the plans as unlawful mass surveillance under EU law and warns that permitting private foreign firms to handle data matching would undermine data protection safeguards.

Main Story

Germany's Controversial AI Surveillance Laws Spark Mass Privacy Backlash

Draft legislation from the Interior and Justice Ministries would grant security agencies sweeping new powers for AI-driven surveillance. AlgorithmWatch warns of EU-illegal mass surveillance.

In early March, Federal Interior Minister Alexander Dobrindt and the Justice Ministry presented three departmental draft bills aimed at equipping security agencies with new AI-assisted investigative tools. The proposals are set to be discussed by the federal cabinet on April 29.

The drafts from the Federal Ministry of the Interior (BMI) and the Federal Ministry of Justice (BMJV) introduce two core powers: automated biometric matching with publicly accessible internet data and the use of cross-procedural analysis platforms.

Specifically, the Federal Criminal Police Office (BKA), Federal Police, and the Federal Office for Migration and Refugees (BAMF) would be authorized to collect biometric data—such as facial images or voice recordings—from the internet and automatically cross-reference them with police databases. According to the BMI's drafts, this would serve to "identify individuals, determine their whereabouts, investigate facts, or establish connections." Real-time data, such as livestreams, would explicitly be excluded. Meanwhile, the Justice Ministry's draft proposes the same authority for criminal prosecution under the Code of Criminal Procedure, even permitting biometric matching for witnesses—not just suspects.

Government Justifies Drafts with Terrorism and Organized Crime

The proposals cite the "high abstract threat level" posed by international terrorism and a series of violent crimes in 2025—including incidents in Mannheim, Solingen, Magdeburg, Aschaffenburg, and Hamburg—as justification. "The threat from terrorist and criminal networks necessitates the use of technological tools, including artificial intelligence, in both threat prevention and law enforcement," states the BMI's legislative reasoning.

Beyond biometric internet matching, the drafts include a second far-reaching power: automated data analysis. Police data is currently scattered across numerous disconnected systems—case management, incident processing, and information systems like INPOL—which are manually queried. The new provisions would enable security agencies to merge and analyze data from various police information systems using specialized software. According to the drafts, this would allow authorities to "identify and establish cross-file and cross-system relationships or connections between cases, proceedings, individuals, groups, institutions, organizations, objects, and items." Companies like the U.S. firm Palantir already offer such analytical capabilities.

Outsourcing to Private Foreign Firms Undermines Protections

In a statement, AlgorithmWatch argues that the proposed internet image matching cannot function without first building a database. A legal opinion commissioned by the organization, along with an analysis by the German Bundestag's Scientific Services, concludes that images from the web must first be collected, preprocessed, and converted into biometric templates before efficient matching is possible.

However, this is precisely what Article 5(1)(e) of the EU AI Act prohibits: the "placing on the market, putting into service for this specific purpose, or use of AI systems that create or expand facial recognition databases by indiscriminately scraping facial images from the internet."

Draft Laws Bypass Biometric Surveillance Dilemma by Outsourcing to Private Firms

According to digital rights group AlgorithmWatch, the proposed legislation sidesteps the core dilemma by including an outsourcing clause—allowing biometric matching to be delegated to private companies, both domestic and foreign. The Federal Criminal Police Office (BKA) would be permitted to "have the matching carried out by a public or non-public entity in a third country" if it lacks the technical capacity to do so itself. Under certain conditions, this could even involve deviations from the requirements of Germany's Federal Data Protection Act.

In a statement, the human rights organization AlgorithmWatch condemned this outsourcing provision as an attempt to "render all restrictions introduced by the legal texts utterly absurd."

The controversial practice of facial recognition systems in Europe has already faced fierce opposition from data protection authorities, as demonstrated by the fines imposed on U.S. firm Clearview AI—a company that provides precisely this kind of biometric matching for law enforcement. The Dutch data protection authority levied a fine of €30.5 million, while France and Greece each imposed €20 million, Italy another €20 million, and the UK £7.5 million. Beyond Clearview AI, other potential providers exist in the U.S., Dubai, and Israel.

AlgorithmWatch Calls for Total Ban on Biometric Mass Surveillance

AlgorithmWatch argues that the proposed powers are "in violation of EU law" and incompatible with constitutional minimum standards. In its statement, the organization warns that the measures would have an "extremely broad scope," potentially affecting anyone whose facial images or audio recordings are accessible online—including footage from protests, political rallies, or religious services. This, it says, involves highly sensitive data and has a "profoundly chilling effect," as individuals remain unaware of whether or when their data might be analyzed by AI systems.

The group is therefore urging lawmakers to withdraw the draft laws entirely and instead "introduce a comprehensive legal ban on the use of biometric mass surveillance systems by both public and private entities." To push for this, AlgorithmWatch has launched a petition, with initial signatories including Reporters Without Borders, Amnesty International Germany, the Chaos Computer Club, and former German Justice Minister Sabine Leutheusser-Schnarrenberger.

AlgorithmWatch also points to a parallel initiative by the Finance Ministry: A draft law aimed at strengthening customs authorities would grant them powers to conduct biometric internet matching and automated data analysis, along with a new administrative procedure for seizing suspicious assets.

Read also:

Related

Latest