Data retention is possible under certain conditions – when national security is threatened. For no reason, it contradicts EU law.
A general and indiscriminate data retention contradicts Union law, as the European Court of Justice (ECJ) has now confirmed in a judgment – and thus opposes the German regulation. However, the ECJ also clears the way for exceptions. Traffic and location data as well as IP addresses can be stored “if there is a serious threat to national security”.
This isn’t new either – back in April there was even a decision on what counts as “national security”. Now the court’s statement says: “In order to combat serious crime, however, the Member States may, in strict compliance with the principle of proportionality, provide for targeted data retention and/or immediate backup of such data, as well as general and indiscriminate storage of IP addresses.”
also read
It is also stated that the Telecommunications Act (TKG) can oblige the operators of publicly available electronic communication services in such a case to “general and indiscriminate data retention of a large part of the traffic and location data of the end users of these services for a period of several weeks”.
Store traffic, location data and IP addresses
The Federal Administrative Court had turned to the European Court of Justice with the question of whether Union law conflicted with national legislation.
It does, but: It is allowed to store traffic and location data “if the member state concerned is faced with a real and current or foreseeable serious threat to national security”. A court or an independent administrative body must control this order, the period is limited. Combating serious crime and preventing serious threats to public safety are also exceptions. In addition to the time factor, necessity is also a condition here.
For data retention:
IP addresses may be generally and indiscriminately retained for the same purposes for a limited period of time when they are assigned to the source of a connection. General and indiscriminate data retention, which releases data relating to the identity of users of electronic means of communication, can also be carried out for the “protection of national security, the fight against serious crime and the protection of public security”.
encroachment on fundamental rights cannot be prevented
The ECJ also sees that this event-related data retention constitutes an encroachment on fundamental rights and writes that a separate justification is therefore necessary. However, it also states: “It follows that national legislation ensuring full compliance with the conditions resulting from case-law in the area of ​​access to retained data inherently constitutes the serious interference with the rights of data subjects resulting from would result from the general retention of such data, neither restrict nor eliminate.” One of the most important points of the critics is that precise conclusions can be drawn about the private life of the people and profiles can be created. The judge of the ECJ confirms this problem, but sees no further possibilities to prevent this apart from the special justification.
The background to the judgment is the legal dispute between the Federal Network Agency and the Internet provider Spacenet and Telekom. Both companies wanted to resist the requirement to store certain data and make it available to authorities. A CJEU expert had already prepared the direction that has now been taken again.
The case is now going back to the Federal Administrative Court, which would have to find that the German regulation violated EU law, which should prompt the federal government to draft a new law. So far, the coalition has been at odds about the design of such a system. More on that will follow shortly.
(emw)
