German court strikes blow against EU data-retention regime

03.03.10 @ 09:27

  1. By Honor Mahony
  2. Honor email
  3. Honor Twitter

Germany's highest court on Tuesday (2 March) ruled that a key data-retention law, arising from an EU directive seen as central in the fight against terrorism, contravened Germany's constitution.

  • The German court order the data retention from phones and the internet to be stopped immediately (Photo: EUobserver.com)

The 2008 law required telecommunications companies to retain all citizens' telephone and internet data for six months.

But the proposal caused outrage among German citizens, concerned at breaches of privacy and civil liberty rights. A complaint was brought by 35,000 citizens, the largest number of plaintiffs ever associated with one case.

The constitutional court found in their favour, ruling that the national law breached Germany's basic law on privacy grounds, although it did not call into question the original EU law, which provides for member states storing telephone and internet data for up to 24 months.

The judges ruled that all data stored until now must be deleted and no more data may be held until the national law is revised to conform with the country's basic law.

They found that the law failed to set the barrier high enough for allowing investigators access to the data and failed to ensure sufficient data encryption should the information be stolen.

"The disputed instructions neither provided a sufficient level of data security, nor sufficiently limited the possible uses of the data," the court said. It also noted that "such retention represents an especially grave intrusion."

Justice minister Sabine Leutheusser-Schnarrenberger, one of the plaintiffs as a private citizen, welcomed the decision but interior minister Thomas de Maiziere expressed disappointment and said the government would look to draw up a new law quickly.

"It would be inappropriate to criticize a ruling by the constitutional court, but I have to say that it does not instill happiness," he said, according to Associated Press.

The original EU law was passed after the attacks on New York in September 2001 and was seen as integral to improving security and keeping track of potential militant group activities.

The ruling by Germany's constitutional court has once again highlighted how strongly European citizens feel about their data privacy - something that has been a source of tension with the US keen to access this kind of information in its broad fight against terrorism.

Earlier this month, despite strong lobbying from Washington, the European Parliament voted down an agreement allowing US authorities access to European bank transfers. Following the vote, parliament president Jerzy Buzek said MEPs believed the deal compromised human rights and wanted more civil liberty safeguards.

The next test for EU-US relations in this area is likely to be when MEPs scrutinise the terms of the exchange of detailed air passenger data between the two sides. MEPs in the civil liberties committee will discuss the issue on Wednesday (4 March).