EU Court rules against German data collection law
A German law requiring telecom companies to retain customer data is a breach of EU law, a European court ruled on Tuesday, prompting the justice minister to promise an overhaul of the rules.
The companies Telekom Deutschland and SpaceNet have taken to German courts to challenge the law requiring telecommunications companies to retain customer traffic and location data for several weeks.
The case went to the European Court of Justice (ECJ) in Luxembourg, which ruled against the German law.
“EU law prohibits the general and indiscriminate retention of traffic and location data,” the court said in a statement, confirming its previous judgments on the matter.
The Federal Administrative Court, one of the highest courts in Germany, had argued that there was a limited possibility of drawing conclusions about the privacy of individuals from the data, and that sufficient safeguards were in place. .
But the ECJ said German law – which required traffic data to be retained for 10 weeks and location for four – applies to a “very broad set” of information.
It “can make it possible to draw very precise conclusions on the private life of the people whose data are kept… and, in particular, to establish a profile of these people”.
The law’s stated purpose was to prosecute serious criminal offenses or prevent specific national security risks, but the court said such measures were not permitted for “preventive” purposes.
However, he said that in cases where an EU state faces a “serious threat to national security” that is “real and present”, telecoms providers can be ordered to retain the data.
Such an instruction must be subject to review and may only be in place for a period deemed necessary.
Following the announcement, Justice Minister Marco Buschmann hailed a “good day for civil rights”.
“We will now, promptly and permanently, remove data retention without legal grounds,” the minister wrote on Twitter.
Data privacy is a sensitive issue in Germany, and its courts have in the past issued rulings to limit security services’ access to people’s data.
Buschmann comes from the liberal FDP party, which has made data protection a key part of its policy.