EU's top court overturns German data-retention law
-
The German law was considered highly controversial because it required telecom operators to store users' data for four or ten weeks (Photo: Pixabay)
Germany's privacy-invasive data-retention law is not compatible with EU law, the European Court of Justice ruled on Tuesday (20 September).
The German law was considered highly controversial because it required telecom operators to store users' data for four or ten weeks and make this data available to law enforcement authorities on request.
Join EUobserver today
Become an expert on Europe
Get instant access to all articles — and 20 years of archives. 14-day free trial.
Choose your plan
... or subscribe as a group
Already a member?
The EU's top court said that blanket and indiscriminate telecommunications data-retention is illegal — pointing out that internet and phone service providers can only store limited users' traffic and location data under very strict conditions.
"The Court of Justice [ECJ] confirms that EU law precludes the general and indiscriminate retention of traffic and location data, except in the case of a serious threat to national security," the judges said.
Telecom operators can be asked to retain users' data in such cases, but this requirement must be subject to the review of a court or an independent administrative body and be limited for a specific period of time, the court said.
The ruling comes after Telekom Deutschland and internet service provider SpaceNet AG challenged data-retention obligations under the German Law on Telecommunications (TKG).
The German Federal Constitutional Court in 2010 first rejected a law requiring data-retention for six months. But the government reintroduced a similar law five years later, prompting the new legal action.
"Today is a good day for civil rights, for freedom, for the rule of law," said German justice minister Marco Buschmann on Twitter welcoming the ruling. "We will now swiftly and finally remove unjustified data-retention from the law."
In the past, the ECJ has also argued that data retention laws in Sweden, France, Belgium and the United Kingdom were incompatible with EU law.
EU governments have justified blanket and prolonged data-retention by citing serious crimes and terrorism cases.
But privacy activists argue that data-retention policies are a tool of mass surveillance with damaging effects on society and undermining European values.
Green MEP Patrick Breyer from the German Pirate Party has called on the EU Commission to enforce the ruling throughout Europe.
"The bulk collection of information on the everyday communications and movements of millions of unsuspected people constitutes an unprecedented attack on our right to privacy and is the most invasive method of mass surveillance directed against the state's own citizens," he said.
In a separate case, the Luxembourg-based court said that EU laws against market abuses cannot constitute the legal basis to oblige telecom providers to provide the personal data of those suspected of such violations under national law.
The ruling came after two individuals, who were accused of insider trading, challenged the French Financial Markets Authority for requesting telecom operators' personal data from their telephones based on French laws.
"The general and indiscriminate retention of traffic data … is not authorised, as a preventive measure, for the purpose of combating market abuse offences including insider dealing," the EU court said.