GERMAN DATA protection campaigners have vowed to challenge an EU directive on data retention after a law governing its implementation in Germany was dismissed as an unconstitutional “intrusion”.
A 2008 German law obliged telecommunications companies to retain for six months all citizens’ telephone and internet data, as called for in a 2006 EU directive.
After a challenge by 35,000 citizens, judges in Germany’s constitutional court threw out the law yesterday and forced government lawyers back to the drawing board.
All data retained until now must be deleted, the judges ruled, and further retention is on hold until a new law conforming to the constitution is implemented.
The court made clear that data retention is not unconstitutional. But Germany’s 2008 law was problematic on at least three counts. Any new law must offer greater data encryption in case data falls into the wrong hands. A higher burden of proof is necessary for investigators seeking access to this data, and the data may only be handed over in the case of a clear, defined threat to national security.
In a split decision, the judges ruled that the existing regulations marked “a severe intrusion” into the private sphere of citizens “of a quality heretofore unknown in the legal system”.
In essence, the ruling reflects German sensitivity, arising from historical experience, of allowing the state too much information about its citizens. Although the data law does not allow contents of telephone calls or e-mails to be saved, the judges ruled that a long-term observation as allowed under this law could betray “political preferences, personal preferences, inclinations and weaknesses”.
“The court gave the government a black eye on this count,” said Werner Hülsmann, a data protection specialist and one of the complainants. “The judges have made clear that the German law goes above and beyond the European directive.” Other complainants expressed disappointment that the constitutional court did not make a submission to the European Court for a review of the original EU directive – and announced plans to do so themselves.
The retention law forced German telecoms firms to acquire huge storage facilities. Market leader Deutsche Telekom says it stores around 19 Terabytes of data in any six-month period – the equivalent of 4.85 billion A4 pages. Yesterday it said the information would be deleted immediately, and that the government would be getting the bill for the storage costs since 2008.
The ruling has divided the coalition government in Berlin. Before last September’s election, Free Democrat (FDP) politician Sabine Leutheusser-Schnarrenberger was one of the original complainants. Now federal justice minister, she called the ruling a “great day for data protection” and promised “quick work” to implement the requested changes.
Chancellor Angela Merkel warned yesterday of a data retention “vacuum” and insisted on the need for a robust data retention policy, a position backed by the federal criminal police. Last year it says it used stored telecoms data in 80 per cent of its investigations – some 38,000 cases.