German Federal Constitutional Court overturns law on data retention
Last week the German Federal Constitutional Court overturned a law on the retention of telecommunications data for law enforcement purposes, stating that it posed a "grave intrusion" to personal privacy and must be revised. In their ruling the judges found that the law stands in contradiction to the basic right of private correspondence and does not protect the principle of proportionality, as it fails to balance the need to provide security with the right to privacy. All data on telephone calls, email and internet traffic as well as on the location of mobile phones that have so far been stored by telecommunication providers have to be deleted immediately.
According to the Federal Constitutional Court the communications retention law does not provide adequate protection of personal data and it does not make sufficiently clear what it would be used for. The case was originally brought to the court in 2008, by a record number of almost 35.000 people, including the current Justice Minister Sabine Leutheusser –Schnarrenberger.
The Court, however, did not rule out data retention as such. The judges did not question the admissibility of the EU directive, on which the German law is based. This would have been outside the court’s competences. It merely stated that the law went far beyond the requirements of the EU directive.
The storage and usage of telecommunications data allows to draw conclusions reaching far beyond the private sphere, from which significant personal profiles can be established and people’s movements be tracked. The storage of data could "cause a diffusely threatening feeling of being under observation that can diminish an unprejudiced perception of one’s basic rights in many areas," said the president of the court, Hans Jürgen Papier. Therefore, such interference will have to come with strings attached. The German law has not fulfilled these requirements and thus has been suspended by the Federal Constitutional Court.
The Court requires the German legislature to establish strict measures for the retention of data, which have to be implemented by telecommunication providers, which are responsible for storing the data. In addition, the legislature has to clarify that data retention is only to be used for the prosecution of severe criminal offences. Strict measures have to be established with regard to the usage of retained data by the police for the prevention of crime. The court also demands greater "transparent control" of what the information was used for.
A significant limitation to the Federal Constitutional Court decision is their stance that IP addressing information is not worthy of strong protections under law. According to the court, although it is possible to identify internet users through IP addresses, personal profiles, however, cannot be established, as every time when the user connects to the internet a different IP address is assigned to him.
German civil society groups are not entirely satisfied with last week’s judgment. "The court did not find the retention of data as such unconstitutional and declared that implementing the EU directive on data retention in conformity with the German Constitution is indeed possible. For now the retention of data has been overturned, but there will be new rules", Werner Huelsmann from the German Working Group on data retention told the newspaper Sueddeutsche. "A massive amount of data about German citizens who pose no threat and are not suspects is being retained,"Germany’s Federal privacy commissioner, Peter Schaar told the German television channel ARD.
In response to the ruling the German Working Group on data retention has announced a Europe-wide campaign to end the permanent logging of internet and phone use. With the signatures of one million opponents the group wants to persuade the EU to repeal its data retention directive.