A new round in a debate that has been going on for years: Germany must change its regulations on data retention change. The European Court of Justice (ECJ) decided on Tuesday. A "general and indiscriminate" storage is inadmissible, but a targeted one is possible in the case of serious crimes and "with strict observance of the principle of proportionality". The German regulations have been on hold for five years. A new debate is likely to arise in the federal government over the question of what follows from the verdict: Federal Interior Minister Nancy Faeser (SPD) advocates the controversial instrument for law enforcement agencies, the coalition partners FDP and Greens reject it.
Data retention means that telecom companies must back up their customers' phone and internet connection data for a specified period of time so investigators can access it if necessary. The question of which possible criminal offenses this is permitted and how long the data must be stored has been debated in Germany for years. Many investigators and security politicians see it as an indispensable tool in the fight against terrorists or organized crime, while civil rights activists consider it largely ineffective or excessive because it places everyone under general suspicion.
With their verdict on Tuesday, the judges at the ECJ, who have already ruled on similar cases in other countries, are sticking to their previous line: Saving without a specific reason violates EU law. Because such data allowed "very precise conclusions about private life".
In several cases, however, the judges allow data to be stored: For example, if there is a serious "threat to national security", this may also be ordered generally. And when it comes to serious crimes, targeted storage is permissible - i.e. related to specific people or locations with mobile phone data. The ECJ also approves the "general and indiscriminate" storage of IP addresses of surfed sites in the case of serious crimes - for a "limited period of time to what is absolutely necessary".
Based on an EU initiative, data retention has been in force in Germany since 2008. At that time, companies had to record for seven months who called whom when, who wrote an e-mail or accessed a website. In 2010, the Federal Constitutional Court overturned this law. In 2015, a new version with shorter storage periods was then decided. Legal proceedings followed at different levels - and when the Higher Administrative Court of North Rhine-Westphalia declared the regulations invalid in 2017, the federal government effectively suspended them. The Federal Administrative Court finally referred the question to the ECJ.
Last but not least, in order to be able to better combat sexualized violence against children and young people, Interior Minister Faeser wants law enforcement authorities to be able to identify abusers on the Internet by storing data. Her argument: punishing her shouldn't go through privacy be prevented.
In their coalition agreement last year, the SPD, Greens and FDP wrote a rather vague compromise formula: "The regulations on data retention will be designed in such a way that data can be stored legally and as required by a judicial decision". The coalition partners now interpreted this sentence differently. Federal Minister of Justice Marco Buschmann (FDP) replies to Faeser that it has been agreed to "finally abolish data retention without cause". Konstantin von Notz, deputy parliamentary leader of the Greens, says his party sees "neither legal nor political leeway for a new edition".