Ensuring the safety of gender registration
Cryptography enables data protection-compliant solution for official data synchronisation
2024/10/25 by CROSSING/Seyda
A new study by the Technical University of Darmstadt in cooperation with the University of Kassel sheds light on data protection problems in data comparison between authorities, using the example of the Self-Determination Act. The researchers show that private set intersection can serve as a data protection-compliant solution. In this way, the interests of both citizens and security authorities can be protected. This could be of particular importance with regard to the planned reform of the law on names.

The interdisciplinary analysis by the Cryptography and Privacy Engineering Lab of Professor Thomas Schneider (TU Darmstadt) and the Public Law, IT Law and Environmental Law Group of Professor Gerrit Hornung (University of Kassel) uses the example of the Self-Determination Act (SBGG), which was passed in April 2024, to show the problems that can arise when data is exchanged between authorities. For the first time, the SBGG allows trans*, intersex and non-binary people to change their first name and gender marker through a simple self-declaration, and represents a step towards empowerment. However, a rejected government draft of the SBGG contained a provision on data disclosure which, according to media reports, remains a cause for concern as it may be revisited in a planned reform of the Name Change Act.
Risks for individuals
The originally planned regulation of the Self-Determination Act (Section 13 (5) of the draft) provided that all changes of civil status entries would be transmitted to a large number of security authorities, from the Federal Criminal Police Office to the Military Counter-Intelligence Service. Specifically, surname, previous and changed first names, date and place of birth, nationality, previous and changed gender entry, address and date of change were to be transmitted. According to the explanatory memorandum to the Act, the purpose of this measure was to ensure that a person could be traced after changing his or her gender marker and first name.
The Federal Data Protection Commissioner criticised this from a data protection point of view. Those affected saw the regulation as a general suspicion of people who change their name and gender entry, especially as all data on people who are not even known to the security authorities should be passed on. Although such irrelevant data should be deleted immediately, this is technically difficult and not verifiable. A blanket transfer of data would have entailed enormous risks for those concerned: the collection of sensitive data and its possible misuse was partly associated with historical examples such as the so-called 'pink lists' of the National Socialists. These continued to be used by police authorities to persecute queer people even after the Second World War. In view of the current rise in queer-hostile criminal offences and fears of data leaks from security agencies, the unprovoked transfer of data between authorities could have endangered the safety of trans*, intersex and non-binary people.
Cryptography enables selective transfer
Security researchers, such as computer science professor Thomas Schneider from the profile topic Cybersecurity and Privacy, recognise the legitimate interest of security authorities in keeping their registers up to date. However, the legislator assumed that secure, selective data transmission was not possible. In doing so, it overlooked a crucial technical solution: 'Private Set Intersection' (PSI). PSI allows reporting data to be exchanged only if there is a match between the databases of the authorities involved.
This means that the authorities only receive information about people who are already in their registers – without the data of uninvolved or unknown people being transferred. The study now presented by the researchers from Darmstadt and Kassel recommends testing technical options such as PSI for official data comparisons instead of blanket data transfers. They ensure data minimisation and serve the interests of the state in a similar way to blanket data transfers, but reduce the risk of discrimination. However, measures for society as a whole, such as education and open discourse, are also necessary to effectively combat discrimination.
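The matching step described above, as an added example that is not code from the study: a Diffie-Hellman-style PSI between a registry office and a security authority, showing both messages. The page does not say which PSI protocol the researchers propose; the construction, the demo modulus, the function names and the sample identities here are assumptions made for illustration.

```python
import hashlib
import secrets

# Demo modulus only (the prime 2**255 - 19); a deployment would use a
# standardized prime-order group through a vetted library.
P = 2**255 - 19

# Constructed sample data: "surname|date of birth|place of birth".
REGISTRY_CHANGES = ["Muster|1990-01-01|Kassel", "Beispiel|1985-05-05|Mainz",
                    "Probe|1978-03-12|Hanau"]
AUTHORITY_REGISTER = ["Muster|1990-01-01|Kassel", "Anders|1969-07-20|Fulda"]

def hash_to_group(identity: str) -> int:
    """Map an identity string to a nonzero square modulo P."""
    digest = hashlib.sha512(identity.encode("utf-8")).digest()
    return pow(int.from_bytes(digest, "big") % (P - 1) + 1, 2, P)

def new_secret() -> int:
    """Fresh secret exponent, used for one protocol run only."""
    return secrets.randbelow(P - 3) + 2

def blind(values, key):
    """Raise every group element to the party's secret exponent."""
    return [pow(v, key, P) for v in values]

def run_psi(registry_changes, authority_register):
    """Return (entries the authority may learn about, what the registry sent)."""
    a, b = new_secret(), new_secret()  # a: registry office, b: authority

    # Message 1, authority -> registry: its own register, blinded with b.
    msg1 = blind([hash_to_group(y) for y in authority_register], b)

    # Message 2, registry -> authority: msg1 re-blinded with a (order kept),
    # plus the registry's change list blinded with a and sorted so that
    # positions reveal nothing.
    msg2_register = blind(msg1, a)
    msg2_changes = sorted(blind([hash_to_group(x) for x in registry_changes], a))

    # Authority: finish blinding the change list with b and compare.
    double_blinded = set(blind(msg2_changes, b))
    matches = [y for y, tag in zip(authority_register, msg2_register)
               if tag in double_blinded]
    return matches, msg2_changes

if __name__ == "__main__":
    print(run_psi(REGISTRY_CHANGES, AUTHORITY_REGISTER)[0])
```

The authority still learns how many changes the registry holds, and it learns a match for every identity it submits, so the size and origin of its input list need to be controlled as well.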
The research was presented on 26 September 2024 by Linda Seyda (TU Darmstadt) and Andreas Brüggemann (University of Kassel) at the workshop 'Law and Technology: Privacy in Discourse' at the Informatik Festival 2024 in Wiesbaden. The study was funded by the German Research Foundation (DFG) as part of the Collaborative Research Centre CROSSING and supported by the Research Training Group Privacy & Trust and the European Research Council through the ERC Starting Grant for the project Privacy-Preserving Services Over the Internet (PSOTI).
Contact:
Andreas Brüggemann
Doctoral candidate, ENCRYPTO research group
brueggemann@encrypto.cs.tu-…
Publication
Linda Seyda, Andreas Brüggemann, Gerrit Hornung, Thomas Schneider. Multi-Party Computation als Instrument zur Umsetzung datenschutzkonformer behördlicher Datenabgleiche: Eine interdisziplinäre Analyse am Beispiel der Diskussionen um das Gesetz zur Selbstbestimmung über den Geschlechtseintrag. In: Recht und Technik: Datenschutz im Diskurs (RuT'24), LNI, GI, Wiesbaden, Germany, September 26, 2024.