In the 1990s, privacy and data protection were not issues that would stir many people from their easy chairs. If data leaks in the commercial sector make big headlines today and large rallies take place against surveillance laws, we can safely say that part of the credit for that change goes to these awards, which have become a widely recognised name: The BigBrotherAwards.

We began this negative award in 2000, naming those responsible for privacy violations, surveillance technology and legislation, and ceaseless data hoarding. The BigBrotherAwards turned the spotlight on customer “loyalty” cards, consumer scoring, toll cameras, colour copiers, and mobile phone surveillance, pointing out how civil rights and privacy are threatened by these developments. The awards have warned ahead of time about the electronic health insurance card, the tax ID, and data retention. And they spoke out about the foreigners’ register, eavesdropping on private homes in state investigations, and anti terror laws.

How do the “winners” react? With the well-known combined response: ignore, deny, talk down. Politicians have had a lot of practice – and so have company PR departments. Meanwhile behind the scenes, the atmosphere is often more stressful: especially in companies and government authorities, frantic searches begin for the “leak” – not, unfortunately, referring to their deficient security but to the informer who contacted the BigBrotherAwards.

The BigBrotherAwards receive hundreds of nominations each year – from duped customers, spied-upon workers, from administrators, software developers and civil servants. Sometimes a short email gets things going, sometimes we receive a whole dossier. We look at all suggestions, watch technological and political developments, and investigate.

Whether it’s companies or politicians, the “winners” are consistently not much pleased by the award. They very rarely visit the awards gala. With surprising exceptions: Microsoft flew in their data protection official in 2002 to accept their lifetime award. And Deutsche Telekom had the courage in 2008 to pick up their award. In fact, Telekom discreetly inquired months before the gala if they might be in for an award that year – they “could imagine they had earned it …”

Others thought they could just ignore their award. Bayer AG, for example – nominated for drug-testing their apprentices by urine sample – did not bother to respond. But a few months later we received an invitation from the “Critical Shareholders” group and a few Bayer shares were signed over to us. That gave us the right to speak at Bayer’s annual meeting, which is why the award was not handed over in front of 500 people at the Bielefeld gala but in front of 5,000 people at the Bayer AGM in Cologne.

Some winners issue open or veiled threats of legal action, such as Deutsche Post or Lidl. Lidl – having received a BigBrotherAward as early as 2004 for snooping on employees – sent a registered letter on the day of the gala to prevent us from reading out the laudation. We went ahead with the award, of course. We knew our investigations were water-tight – and Lidl knew that taking legal action would only have given them more bad PR. Lidl – who had maintained so far that their relationship to the press was that they didn’t have one – did react: no, they did not stop employee surveillance, they acquired a Public Relations department instead.

Politicians are largely immune to feedback. Neither Otto Schily (2005, then German Interior Minister) nor Ulla Schmidt (2004, German Health Minister) nor Volker Bouffier (2005, Interior Minister of the state of Hesse) resigned after receiving their BigBrotherAward. But at least the data scandal at Deutsche Bahn spelled the end for its CEO Hartmut Mehdorn. And there is the occasional late success.

In 2002, we decorated the Federal Criminal Police Office (Bundeskriminalamt, BKA) for its “preventive” database. Then in 2008 the Higher Administrative Court of the Federal State of Lower Saxony ruled that the “Violent Offenders Sport” database was lacking adequate legal foundation – and had to be erased. The same applied to the other preventative databases.

In 2000, we gave a BigBrotherAward to the Central Foreigners Registry (Ausländerzentralregister) for institutionalised discrimination of non-German residents. Meanwhile the European Court of Justice stated in a ruling on 16 Dec 2008 that the register violates the non-discrimination rule.

In other cases, illegal practices were stopped after we highlighted them, but only temporarily. For example, we gave a BigBrotherAward to T Online (the ISP branch of Deutsche Telekom) in 2003 for retaining logs of IP address assignments, even for flat-rate customers where such logs are not required for billing. A customer took legal action against T Online and won the case. But that success was rendered obsolete when telecommunications data retention was introduced in January 2008, which mandates storing connection data for all telephone and Internet services.

Metro AG were nominated in 2003 for their “field trial” of RFID radio chips on goods sold in a supermarket in Rheinberg near Duisburg. RFID are tiny chips with an antenna that contain product information and a globally unique ID, which can be read via radio waves. This is a threat to privacy, because reading the data does not require physical or line-of-sight contact, so it can go unnoticed. We discovered only a few months later how right we had been to give Metro this BigBrotherAward. FoeBuD discovered that the company had been hiding additional RFID spy chips in the supermarket’s version of the “Payback” loyalty card – without informing their customers. We alerted the press and organised a rally – the first rally ever against RFID technology, the images went around the world. Metro eventually withdrew their “bugged” cards. This success inspired many and showed that resistance is not futile. As German news magazine “Spiegel” wrote at the time: “It is an unequal confrontation – a handful of voluntary enthusiasts against companies worth billions – but it is yielding results.”

From a small voluntary association to a civil rights movement

Our most important success is the difference we made in people’s minds. Data protection and privacy is now an issue at the heart of society. The fact that so many data leaks became public scandals in the last 18 months is partly due to the increasing awareness that an injustice is happening – and that we need to do something about it.

That “handful of enthusiasts” (as Spiegel put it) has become a large civil rights movement by now. The Constitutional Complaint against data retention found 34.000 co complainants, making it the largest such action in German history. Our rallies against surveillance under the motto “Freedom Not Fear” (Freiheit statt Angst) continue to get tens of thousands of people onto the streets. More than 160 organisations joined our call for this year’s rally in September. This included civil rights campaigns as well as professional organisations of journalists, doctors, and lawyers, citizens’ advice institutions, trade unions, and politicians of various colours. They overcame differences in perspective and joined the rally to support privacy and civil rights.

We raise our voices to intervene, among others, in the current negotiations to form a conservative-liberal coalition government in Berlin after the last elections. And we will keep the pressure going.

One thing is clear: our mission for a world worth living in the digital age has only just begun. Help us out!