We are excited to share that we are set to begin a new chapter with Dropbox, Inc. Dropbox is acquiring our IP technology to embed natively into the Dropbox product, bringing end-to-end, zero-knowledge encryption to millions of business customers around the world. Check out our blog to find out more!

Data Privacy in Healthcare

Robert Freudenreich | CTO


Data Collection Frenzy of the German Health Ministry - We Criticize the Plans of Jens Spahn

Update: On November 7, 2019, the German Bundestag passed the law without further changes.

On Thursday, November 7, 2019, the new version of the “Digitale-Versorgung-Gesetz” (Digital Supply Act, or DVG) is to be passed in the Bundestag. The creation of a database of all health data of all German health insurance patients is currently causing a stir among data protectors.

The planned procedure foresees that the statuatory health insurers will forward the personal data and treatment data of all insured persons to the GKV-Spitzenverband. Here they are to be stored in a pseudonymized way. The collected data should then be usable for research (and possibly also for industry). Possibilities for patients to object and plans for the encryption of the data are not specified in more detail in the draft law. These points are to be worked out in the Ministry of Health after adoption by the Bundestag.

Criticism of the Digitale Versorgung-Gesetz (DVG)

We agree with the opinion of the Federal Data Protection Commissioner and strongly criticise the plans of the Ministry of Health.

Robert Freudenreich, CTO of Boxcryptor

I find it irresponsible to introduce a law into the Bundestag that would encroach so deeply on the rights of patients without defining a security strategy first.

(Robert Freudenreich, CTO of Boxcryptor)

Read our statement below.

Patients Lose Track of Their Data

The storage of personal data in a central database is not traceable for patients. Patients do not have an overview of who accesses their personal data, for what reasons and at what time. In times when data protection is becoming increasingly important, this is – in our opinion – a fatal signal.

No Possibility to Opt-out

The draft law does not currently provide any possibility of appeal. All data of all legally insured persons will be collected in a database. We condemn this plan.

Companies Could Gain Access

Many data protectors and security experts are irritated that the draft law does not explicitly exclude access to data by companies. In this way, information could be passed on to for-profit companies without the consent of those affected. This is not in line with our view of modern and individually oriented data protection. Since this is highly personal data with often intimate information, such access is unethical in our eyes.

Missing Encryption

So far, no information has been provided on how the patient data will be protected. Encryption is planned, but the technical details have not yet been defined. This is fatal, because in our opinion it should be clear in such a project that nothing but genuine zero knowledge encryption is used. The vague statement of the ministry spokesman that data protection “enjoys the highest priority” is too unclear for us at this point.

Germany Gets an Image Problem

So far, Germany has been considered as a pioneer when it comes to data protection. Our standards are internationally recognized when it comes to privacy. The GDPR has been influenced significantly by the existing German data protection laws. Gambling away this reputation harms Germany as a business location, because Made in Germany is a guarantee for high security standards, especially in the IT sector.

Boxcryptor Stands for Data Protection

As the founder of a software company for encryption, we are fully committed to the topic of data protection. Privacy is an important asset, which we protect and defend with Boxcryptor. The new “Digitale-Versorgung-Gesetz” torpedoes these efforts. We call on the Ministry of Health to remove the planned database from the bill or at least revise the plans.

Compartir este artículo

Artículos relacionados


Our New Chapter with Dropbox: What Boxcryptor Users Need to Know

Last week we already announced that we sold important technology assets to Dropbox. What our customers need to know now, we explain in detail here.


A letter from our Founders: We’re joining Dropbox!

Almost 12 years ago, we set out to make complex security solutions easy to use. Now we are excited to share that we are set to begin a new chapter with Dropbox, Inc.

Dummies Book Cover and Back

CLOSED We Celebrate Our Book Release: Your Chance to Win

We have published our first book to get even more people excited about the cloud and data security. Celebrating the official launch, you can win printes copies and Boxcryptor licenses in our raffle. Read about the details in our blog post.