EU’s highest court strikes down German data retention law

Germany’s privacy-intrusive data retention law is not compatible with EU law, the European Court of Justice ruled on Tuesday (20 September).

The German law was considered highly controversial as it required telecom operators to store user data for four or ten weeks and to make this data available to law enforcement authorities upon request.

The EU’s highest court has ruled that blanket and indiscriminate retention of telecommunications data is illegal, pointing out that internet and phone service providers can only store traffic and location data of limited users under certain conditions. very strict.

“The court of Justice [ECJ] confirms that EU law excludes the general and indiscriminate retention of traffic and location data, except where there is a serious threat to national security,” the judges said.

Telecom operators may be required to retain user data in such cases, but this requirement should be subject to review by a court or independent administrative body and be limited to a specific period of time, a said the court.

The decision comes after Telekom Deutschland and internet service provider SpaceNet AG challenged data retention obligations under the German Telecommunications Act (TKG).

The German Federal Constitutional Court first rejected in 2010 a law requiring data retention for six months. But the government reintroduced a similar law five years later, prompting further legal action.

“Today is a good day for civil rights, for freedom, for the rule of law,” German Justice Minister Marco Buschmann said on Twitter, welcoming the decision. “We will now quickly and finally remove unwarranted data retention from the law.”

In the past, the ECJ has also argued that data retention laws in Sweden, France, Belgium and the UK are incompatible with EU law.

EU governments have justified widespread and prolonged data retention by citing serious crimes and cases of terrorism.

But privacy campaigners argue that data retention policies are a tool for mass surveillance with damaging effects on society and undermining European values.

Green MEP Patrick Breyer of the German Pirate Party called on the European Commission to enforce the ruling across Europe.

“The mass collection of information about the daily communications and movements of millions of unsuspected people constitutes an unprecedented attack on our right to privacy and is the most invasive method of mass surveillance directed against the country’s own citizens. state,” he said.

In a separate case, the Luxembourg court said that EU laws against market abuse cannot constitute the legal basis for compelling telecommunications providers to provide the personal data of persons suspected of such violations under the law. national.

The decision came after two people, accused of insider trading, challenged the French Financial Markets Authority for requesting personal data from telecom operators from their phones based on French laws.

“Widespread and indiscriminate retention of traffic data…is not permitted, as a preventive measure, for the purpose of combating market abuse crimes, including insider trading,” the European court said.

James R. Rhodes