Back to news

Sweeping Telecom Data Retention Law Held Unconstitutional in Germany

March 1, 2010

The German Constitutional Court (GCC) this morning struck down a law that imposed on private telecom operators and service providers such as ISPs and telephone companies comprehensive duties to keep record of all communication data, including Internet activity, e-mails, SMS, MMS etc., for six months and without pre-screening or cause. It appears to be a glorious victory to privacy interests, yet some privacy advocates are disappointed since the GCC did not take the opportunity to declare such regulation as unconstitutional on its face. Either way, the Court imposed quite substantial restrictions on the legal formulation of the telecom data retention law, its application, and the way law enforcement agencies may use the data.

The provisions at question intended to transpose in Germany the European Directive 2006/24/EG (March 15, 2006) and its relevant instructions concerning duties of telecom service providers concerning record-keeping of telecom information. The German legislation that followed introduced, among other things, some amendments to the Telecommunication Law (TKG), specifically sections 113a and 113b, which the GCC now declared disproportional and thus void as violating the constitutional rights of citizens in private communications. The decision is quite long and complex (and, surprise-surprise, in German), so I’ll focus here on several interesting points and leave the rest to a later day.

The relevant Directive, bearing the charming title “[Directive] on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks…”, imposes some important obligations on E.U. member states on matters of communication data retention (Art. 3 ff.). The list of the types of data covered is extensive, to say the least (Art. 5.1.). The GCC avoided saying that these provisions were irreconcilable with the Constitution. At the same time, it held that the German legislature in this case went too far and beyond the requirements of E.U. law, and that the resulting amendments of the TKG suffered from fatal flaws that must lead to their immediate annulment. Consequently, and quite strikingly, the decision obligates all telecom service providers to delete without delay all the data they were keeping in order to comply with that bad legislation!

The judges rejected this fiercely disputed law (about 34,000 petitioners joined the proceeding before the Constitutional Court) basically for two main reasons. Firstly, the duty on telecom service providers to keep a six-months track record of (and to report to a state agency) all communication data without discrimination (which, in any case, does not include the content of communications), was overboard and disproportional.

Secondly, the terms for using this data by state agencies such as police, the prosecution and intelligence services was not sufficiently determined to limit use only in the appropriate cases. As critics and ultimately the Court itself noticed, the data could be used for a variety of purposes, from fighting terrorism to terrorizing users of P2P networks. (By the way, in the case of copyright infringement over the Internet, the GCC now made it crystal clear that a back door to obtaining IP-address-related data of users via this telecom regulation – without passing through the front door of the copyright act requiring a court order against the ISP – is not available to copyright holders).

It was held that the law went beyond the mandate of the E.U. directive for allowing the state to retrieve and use the data not only for pursuing grave criminality but also for preventive acts and intelligence operations. The GCC did not neglect to mention Art. 10 of the European Human Rights Convention - securing free speech rights – as ground for its intervention with the work of the legislative branch. More concretely, the law presented an unjustified harm to secrecy in private communication guaranteed under Art. 10(1) of the German Constitution.

As noted, the Court did not say that such regulation could never pass constitutional muster. The ball is now back with the government to draft a new law that would be more narrowly tailored and meet the constitutional proportionality standards.

This article was originally published at the CIS Blog Sweeping Telecom Data Retention Law Held Unconstitutional in Germany
Date published: March 2, 2010
Country
Germany
Topic, claim, or defense
Other