No. Doxxing—revealing private personal data without consent—violates German law under the General Data Protection Regulation (GDPR) and the Criminal Code (StGB). The Federal Commissioner for Data Protection and Freedom of Information (BfDI) enforces penalties, while the 2026 Digital Services Act (DSA) amendments intensify scrutiny on online platforms facilitating such acts. Offenders face fines up to €20 million or imprisonment under § 201a StGB (violation of personal rights) and § 42 BDSG (GDPR sanctions).
Key Regulations for Doxxing in Germany
- § 201a StGB (Violation of Personal Rights): Criminalizes the dissemination of another’s intimate or identifying data with intent to harm, punishable by up to 2 years’ imprisonment or fines. Applies even if data is publicly accessible but repurposed maliciously.
- GDPR (Art. 5, 6, 82): Mandates lawful processing of personal data; unauthorized disclosure breaches Art. 5(1)(a) and triggers compensation claims under Art. 82. The BfDI actively investigates complaints.
- NetzDG (2026 Amendments): Expands reporting obligations for social media platforms (e.g., X, Facebook) to remove doxxing content within 24 hours of flagging, aligning with EU DSA enforcement. Non-compliance risks fines up to 6% of global turnover.
Local courts (e.g., Berlin’s Kammergericht) have upheld convictions for doxxing targeting public figures and private individuals, emphasizing intent over scale. Platforms must implement automated detection tools under the amended NetzDG to avoid liability.