Germany’s Privacy Win: Why It Matters for International Data Week

Digital governance isn’t just about frameworks and policies, it’s about people, power, and the principles we’re willing to defend when technology overreaches.

And this week, as delegates gather for International Data Week 2025 in Brisbane, they do so against the backdrop of a significant win for digital privacy: Germany’s decision to block the European Union’s controversial “Chat Control” proposal.

The proposal, formally known as the Child Sexual Abuse Regulation, would have required messaging platforms to scan users’ content for illegal material before it’s encrypted. On paper, it was about protecting children. In practice, it risked undermining encryption entirely.

Germany’s refusal to back the proposal stopped it in its tracks. It’s a quiet but powerful victory for data privacy, encryption, and the citizens who made their voices heard.

A Turning Point for Digital Privacy

Over 500 cryptographers and researchers across 34 countries signed open letters warning that “Chat Control” was technically infeasible and dangerously intrusive. Civil society campaigns gathered momentum. And in the end, citizen protest tipped the balance: Berlin could no longer ignore the message that privacy isn’t a privilege; it’s a right.

Patrick Breyer, the digital rights advocate who helped lead the charge, called the decision “a major victory for digital privacy.” He’s right. It’s not just a win for Germany or the EU, it’s a reaffirmation that digital safety can’t come at the cost of universal surveillance.

What makes this moment especially important is its timing. Just as the global data community meets to discuss how to manage, share, and protect data responsibly, Germany’s stance reminds us that privacy and governance are inseparable. There’s no trustworthy data ecosystem without trust itself.

Trust, Encryption, and the Myth of Safety by Surveillance

Encryption isn’t an obstacle to safety; it’s the foundation of it. Weakening it in the name of protection doesn’t make people safer — it just opens the door to new risks, abuses, and backdoors that bad actors will inevitably exploit.

Germany’s rejection of the proposal recognises a reality many policymakers still struggle to grasp: safety and privacy are not opposing forces. They’re partners in resilience.

This is the conversation we should be having during International Data Week:  how to design systems that are secure by architecture, governed by consent, and transparent by design.

Governance and compliance frameworks mean little if the infrastructure itself isn’t trustworthy. Security isn’t a checkbox; it’s culture, design, and accountability. And those are choices we have to make early and deliberately.

Data Week Lessons: Balancing Protection and Rights

As the world dives deeper into AI-driven data ecosystems, the temptation to “scan everything” will only grow. Proponents will argue that detection equals protection. But International Data Week offers a timely space to ask: protection for whom, and at what cost?

If governments can mandate content scanning under the guise of child protection, what stops future expansions: censoring speech, monitoring journalists, or filtering out whatever’s deemed ‘unsafe’ next.? We’ve seen how surveillance tools created for one purpose are repurposed for another. The slope isn’t theoretical; it’s historical.

Germany’s stand proves that democratic resistance to overreach is still possible. It also highlights the power of coalition — activists, technologists, journalists, legislators, and everyday citizens working together to hold the line.

That’s governance in action: not just writing policy, but living its values.

The Bigger Picture: A Model for Data Ethics

What International Data Week attendees can take from this is a renewed sense of alignment between ethics, engineering, and enforcement.

• Ethics: Privacy and protection must coexist; it’s lazy governance to claim we can only have one.
• Engineering: Encryption, zero-knowledge architecture, and secure data sharing aren’t idealistic — they’re achievable, proven, and essential.
• Enforcement: Data laws must serve citizens, not control them. Oversight, transparency, and technical integrity should be non-negotiable.

Germany’s decision wasn’t just a legislative act. It was a statement of principle — that we can, and must, protect children without destroying the digital rights of everyone else.

And perhaps that’s the broader lesson of International Data Week: good governance isn’t about data control; it’s about data stewardship.

As data professionals, technologists, and policymakers gather this week, Germany’s move offers both inspiration and a warning. If we want a truly safe and equitable digital future, we have to build systems that earn trust, not demand it.

So here’s the question worth asking: In our own policies, platforms, and products… are we protecting people, or just managing them?

About the Author

Kim Chandler McDonald is the Co-Founder and CEO of 3 Steps Data, driving data/digital governance solutions.

She is the Global VP of CyAN, an award-winning author, storyteller, and advocate for cybersecurity, digital sovereignty, compliance, governance, and end-user empowerment.