Discussion about this post

User's avatar
Sergej_Ivanov's avatar

As data protection professionals, you and I, so we were aware of the issue with IBM, but the roles of other named individuals and companies and their actions were completely new to me.

Here some further investigation and background - hope I do not bore you with such thoughts!!

Yes, IBM's involvement in the Holocaust is well-documented through historical research, particularly in Edwin Black's book IBM and the Holocaust (2001).

Hence this played a BIG ROLE on the development of German data protection law!

The role of IBM and its German daughter / subsidiary Deutsche Hollerith-Maschinen Gesellschaft (Dehomag), provided punch card systems and machines used by the Nazis to conduct censuses (e.g., in 1933 and 1939).

This technology enabled the efficient collection and analysis of (today known a sensitive) data, which was used, among other things, to identify, isolate, and deport Jews, Sinti, Roma, and other "undesirable groups".

According to Edwin Black, IBM, particularly through its then-CEO Thomas J. Watson, was actively involved in business dealings with the Nazi regime. The company supplied customized punch cards, maintained the machines, and supported logistics, even in concentration camps. Although IBM claims it had no detailed knowledge of how the technology was used, documents show that cooperation continued through European subsidiaries even after the war began.

In 2001, a lawsuit was filed against IBM but was dropped to avoid delaying compensation payments to Holocaust victims. IBM paid $3 million into a compensation fund without admitting liability.

IBM's involvement and the use of data collection technologies by Nazis had a lasting impact on the development of German data protection law, particularly through heightened awareness of the dangers of data misuse.

The experiences of the German Nazi era, during which personal data (e.g., from censuses and registries) were used to persecute and exterminate people, shaped the understanding very much that data collection can be (an IS) dangerous. This awareness was further reinforced by surveillance in the German Democratic Republic (GDR /DDR).

In 1970, Hessen introduced the world's first data protection law, followed by the Federal Data Protection Act (BDSG) in 1977. These laws emerged from the recognition that the state must protect citizens from data misuse. The "father of data protection," Professor Spiros Simitis, emphasized the need to strictly regulate access to personal data.

Influence on the GDPR: Germany's stringent data protection standards influenced the EU General Data Protection Regulation (EU GDPR) of 2018, which established a high level of protection for personal data across the EU. The EU-GDPR mandates principles such as consent for data processing, the right to access and delete data, and protection against misuse . Those principles rooted in historical sensitivity to data abuse.

The historical experience led to a particularly cautious stance in Germany (as we have seen in our work together when it came to UK/US project... ;-) ) toward data protection. This is evident in skepticism toward large technology companies and a strong emphasis on individual rights to informational self-determination.

Hope it makes sense and is somehow interesting.

Again thanks a lot James for making me think about all this and learning so many new things about very wealthy CEOs/Company owners that are both bespoken in school history books and books by researchers.

Best regards, Sergej

Expand full comment

No posts