Who’s pulling the cart on data protection? At least in Germany, that has traditionally been government’s role, and that has made the German regulatory environment one of the fiercest in the world for foreign enterprises and organizations. U.S. companies in particular are often reluctant to engage in the German market for fear of running afoul of the strict laws, but the same actually goes for the EU as a whole. Witness Amazon Web Services decision to build two separate clouds, one (based in Dublin) for Europe and another for the rest of the world.

So it may come as a surprise to hear a voice raised in Germany demanding a whole new deal on data protection. Sven Gábor Jánszky is the founder of 2B Ahead, a think tank based in Halle, a backwoods town in the wilds of former East Germany. Presumably that gives him enough time to think deeply about serious issues such as Digital Identity.

His solution may sound simple – let business take care of it – but it isn’t. And especially coming from someone in the typically paternalistic Old Europe, it’s downright seditious.

And what is even more surprising was that ARD, the largest German TV station, gave Mr. Jánszky a spot on its prime time “Tagesthemen” news show to voice his opinion. “We need to reinvent data protection”, he told an audience of millions of German watchers, “and business, especially the IT business, needs to take the lead.”

How often do identity gurus in the U.S. get to air their views on “60 minutes”?

Anyway, Jánszky thinks that the concept of the state protecting people’s privacy is so 20th century. “They want to share their personal information”, he believes, and it’s the job of business to help them do it in a controlled fashion. He thinks it’s high time the industry takes the lead in creating a system that will allow everyone to distribute personal information freely, but retain a final say in where it goes and how it’s used. For starters, he says, companies should provide users full disclosure on what data about them they have stored. This would be a first step towards establishing a trust relationship, and that is something any company should be interested in. Trust leads to loyalty, and that means return customers and more moola in the till.

The role of government, Jánszky says, is simple: Stop trying to build walls around the consumer and instead focus on passing laws that enable companies to use personal information, provided they do so in a responsible way and with the full content and oversight of the consumer.

This may not sound exactly new to some within the identity community. But then, has anybody been on national TV lately to espouse their views? The Germans may be behind (or ahead, depending on your point of view) in terms of draconian privacy laws, but at least they have a public discussion going. Wonder where it will finally lead…

I was talking recently with Joerg Mauz, the CIO of a small German company called Ansmann AG that makes batteries and chargers for laptops and mobile phones. They may be tiny by some standards, but they have a big global footprint, and their  300 people are distributed around the globe from Shanghai to Macau to Stockholm and soon the U.S. as well. I asked him whether he thought Identity Management was a big issue for small companies like his, and he laughed. “They don’t know what it is”, he said, and then added: “Even though they may be doing it themselves already.”

Ansmann is a good case in point: They had been using software provided by Sun Microsystems for years, and their license included the Identity Manager product – but they neither knew nor cared. “We sort of started doing IdM by accident”, he told me.

But when Joerg Mauz decided he needed to start doing e-provisioning to handle the influx of new people in his fast-growing company, and seeing as how his boss wasn’t going to give him any additional budget anytime soon, he took another look at Identity Manager and decided he could get what he wanted more or less for free. All he had to do was ask his system house, Kogit in Darmstadt, to write a few lines of additional code (it eventually paid them for 35 man days), and suddenly he had a neat little workflow that could handle logical and physical assets, anything from mail accounts to company badges, laptops and company cars.

He still doesn’t see himself as doing Identity Management. And if his story is any proof, then IdM vendors and providers would do good to stop trying to sell them something they don’t really understand and doesn’t terribly interested them in the first place.

Instead, they should focus on solving the problems people really have. And they may go under completely different monikers. That applies especially to the German “Mittelstand”, the thousands of small and medium-sized companies that make up the backbone of the German economy.