German court strikes blow against EU data-retention regime
By Honor Mahony
Germany's highest court on Tuesday (2 March) ruled that a key data-retention law, arising from an EU directive seen as central in the fight against terrorism, contravened Germany's constitution.
The 2008 law required telecommunications companies to retain all citizens' telephone and internet data for six months.
Dear EUobserver reader
Subscribe now for unrestricted access to EUobserver.
Sign up for 30 days' free trial, no obligation. Full subscription only 15 € / month or 150 € / year.
- Unlimited access on desktop and mobile
- All premium articles, analysis, commentary and investigations
- EUobserver archives
EUobserver is the only independent news media covering EU affairs in Brussels and all 28 member states.
♡ We value your support.
If you already have an account click here to login.
But the proposal caused outrage among German citizens, concerned at breaches of privacy and civil liberty rights. A complaint was brought by 35,000 citizens, the largest number of plaintiffs ever associated with one case.
The constitutional court found in their favour, ruling that the national law breached Germany's basic law on privacy grounds, although it did not call into question the original EU law, which provides for member states storing telephone and internet data for up to 24 months.
The judges ruled that all data stored until now must be deleted and no more data may be held until the national law is revised to conform with the country's basic law.
They found that the law failed to set the barrier high enough for allowing investigators access to the data and failed to ensure sufficient data encryption should the information be stolen.
"The disputed instructions neither provided a sufficient level of data security, nor sufficiently limited the possible uses of the data," the court said. It also noted that "such retention represents an especially grave intrusion."
Justice minister Sabine Leutheusser-Schnarrenberger, one of the plaintiffs as a private citizen, welcomed the decision but interior minister Thomas de Maiziere expressed disappointment and said the government would look to draw up a new law quickly.
"It would be inappropriate to criticize a ruling by the constitutional court, but I have to say that it does not instill happiness," he said, according to Associated Press.
The original EU law was passed after the attacks on New York in September 2001 and was seen as integral to improving security and keeping track of potential militant group activities.
The ruling by Germany's constitutional court has once again highlighted how strongly European citizens feel about their data privacy - something that has been a source of tension with the US keen to access this kind of information in its broad fight against terrorism.
Earlier this month, despite strong lobbying from Washington, the European Parliament voted down an agreement allowing US authorities access to European bank transfers. Following the vote, parliament president Jerzy Buzek said MEPs believed the deal compromised human rights and wanted more civil liberty safeguards.
The next test for EU-US relations in this area is likely to be when MEPs scrutinise the terms of the exchange of detailed air passenger data between the two sides. MEPs in the civil liberties committee will discuss the issue on Wednesday (4 March).