The European Court of Justice rejects the German rules on data retention. These have been on hold for five years – now the coalition in Berlin is facing a new debate on how to proceed.
New round in a debate that has been going on for years: Germany must change its data retention regulations. The European Court of Justice (ECJ) decided on Tuesday. A “general and indiscriminate” storage is inadmissible, but a targeted one is possible in the case of serious crimes and “with strict observance of the principle of proportionality”. However, the German regulations have been on hold for five years anyway. A new debate is likely to arise in the federal government over the question of what follows from the verdict: Federal Interior Minister Nancy Faeser (SPD) advocates the controversial instrument for the law enforcement authorities, while the coalition partners FDP and Greens reject it.
Data retention means that telecom companies must back up their customers’ phone and internet connection data for a specified period of time so investigators can access it if necessary. The question of which possible criminal offenses this is permitted and how long the data must be stored has been debated in Germany for years. Many investigators and security politicians see it as an indispensable tool in the fight against terrorists or organized crime, while civil rights activists consider it largely ineffective or excessive because it places everyone under general suspicion.
The previous guiding principle of the judges at the ECJ, who have already ruled on similar cases in other countries, was: Saving without a specific reason violates EU law. Exceptions can only be made in the event of an acute threat to national security – under tight conditions – or in the case of mobile phone data in certain locations. The ECJ, on the other hand, recently approved the storage of IP addresses of surfed pages without any specific reason.
Based on an EU initiative, data retention has been in force in Germany since 2008. At that time, companies had to record for seven months who called whom when, who wrote an e-mail or accessed a website. In 2010, the Federal Constitutional Court overturned this law. In 2015, a new version with shorter storage periods was then decided. Legal proceedings followed at different levels – and when the Higher Administrative Court of North Rhine-Westphalia declared the regulations invalid in 2017, the federal government effectively suspended them. The Federal Administrative Court finally referred the question to the ECJ.
Last but not least, in order to be able to better combat sexualized violence against children and young people, Interior Minister Faeser wants law enforcement authorities to be able to identify abusers on the Internet by storing data. Their argument: punishing them should not be prevented by data protection.
In their coalition agreement last year, the SPD, Greens and FDP wrote a rather vague compromise formula: “The regulations on data retention will be designed in such a way that data can be stored legally and as required by a judicial decision”. The coalition partners now interpreted this sentence differently. Federal Minister of Justice Marco Buschmann (FDP) replies to Faeser that it has been agreed to “finally abolish data retention without cause”. Konstantin von Notz, deputy parliamentary leader of the Greens, says his party sees “neither legal nor political leeway for a new edition”.