The German retention obligation for telecom data is in violation of European law, says the European Court of Justice. That is why the government is now removing those regulations from the law. The law would be too general and data would be collected too haphazardly.
The case before the Court revolved around the Telekommunikationsgesetz, a law introduced by the German federal government in July 2017. Under that law, telecom providers were required to store traffic and location data from customers. Two providers, SpaceNet and Deutschland Telekom, filed a lawsuit because they disagreed with the law. That case went to the highest federal administrative court. That Bundesverwaltungsgericht then asked the European Court of Justice to rule. The judge also looked at previous judgments regarding a national retention obligation, such as the law that had already been fired in 2010.
The European Court says now in a statement that the current law is indeed contrary to European law. There are two main problems. First, as confirmed by the Court, the administrative court states that the type of data collected is very broad. On the basis of that data, it is possible to ‘draw very precise conclusions about the private lives of the persons whose data is held’. In addition, according to the Court of Appeal, the collected data is insufficiently protected.
The German law is intended to protect public security against “serious crime and serious threats”, but the data held is too general and not differentiated enough for that, the judge says. The Court does leave room for amendments to the law, provided it meets the appropriate safeguards. This only applies, for example, if data is searched in a targeted manner ‘on the basis of objective and non-discriminatory factors’. There must also be a targeted threat to the Member State.
The German Federal Minister of Justice, Marco Buschmann, says he is happy with the verdict and calls it “a good day for civil rights.” He wants to abolish the law as soon as possible, he says.