Germany
ECJ: Data retention violates EU law
Data retention has occupied courts for years and divided opinion. The ECJ is now deciding on the controversial regulation. photo
© Jens Büttner/dpa-Zentralbild/dpa
The highest EU court remains true to its line and sets strict limits on data retention without cause. The German regulation, which has not yet been applied, violates EU law.
According to a ruling by the highest EU court, the German regulation on data retention is not compatible with European law. A general and indiscriminate data retention of connection and location data is contrary to Union law. This was announced by the judges of the European Court of Justice (ECJ) on Tuesday. An exception applies if there is a serious threat to national security. General data retention of IP addresses is also permitted. The ECJ thus confirms its previous case law.
According to the judges, the set of connection and location data, which should be stored according to the German regulation, can enable very precise conclusions to be drawn about the private life of the person – for example about habits of daily life or the social environment. This allows a profile of these people to be created. According to the judges, this is an encroachment on fundamental rights that requires a separate justification.
It is not the first judgment for the ECJ in matters of data retention. The highest EU court has repeatedly had to decide on data retention in recent years. He usually overturned the national regulations or significantly restricted them.
Controversial for years
The so-called data retention has been highly controversial for years: while security politicians see it as a key tool in the fight against organized crime, child pornography and terrorism, civil rights activists and consumer advocates consider it an inadmissible invasion of privacy.
The background to the judgment is a legal dispute between the Federal Network Agency and the Internet provider SpaceNet and Telekom. The companies are opposed to a requirement to keep certain data for access by the authorities, such as the time and the parties to a phone call. It is about, for example, who called who when and for how long or with which IP address someone was surfing the Internet. The content of the communication will not be saved. The Federal Network Agency had already put the German regulation on hold in 2017 after the Münster Higher Administrative Court decided that SpaceNet should not be obliged to store the data. That was a few days before the new rule was supposed to come into force.
After the ECJ ruling, this law is no longer valid in its current form. Now the case goes back to the Federal Administrative Court. That would have to establish that the German regulations on data retention violate EU law. The federal government would then have to observe the requirements of the ECJ in a new law.
New law?
However, it is still completely unclear whether there will be a new law and what it will look like. The coalition recently disagreed on the subject: while the Greens and FDP reject data retention, Interior Minister Nancy Faeser (SPD) recently spoke out in favor of at least securing IP addresses in order to be able to better track child sexual abuse on the Internet.