Data retention guidelines have been under discussion throughout Europe for years. We clarify the current situation, what it is, which data are stored and which advantages and disadvantages are discussed.
This means data retention
By definition, data retention means the storage of personal data over a long period of time. The information usually originates from the Internet and is stored without any specific purpose. This can include, for example, calls, IP addresses or location data.
The aim is to make the data accessible to public institutions as soon as persons are suspected of having committed a criminal offense. The purpose of data storage is therefore to provide information and, indirectly, surveillance.
Nevertheless, the information is subject to data protection. It is only used when public bodies such as the Federal Office for the Protection of the Constitution, the police, lawyers or the Federal Intelligence Service explicitly demand it.
This is how the directive came into being
The directive was originally issued by the Bundestag in 2007, which passed a law on data retention. However, the federal government had no success, as this was overturned by the Federal Constitutional Court. The Federal Constitutional Court considered the law unconstitutional. According to the Federal Constitutional Court, it violated the secrecy of letters, mail and telecommunications contained in Article 10 of our Basic Law.
Since then, no year has passed in which the controversial storage of personal data is not discussed.
The European Court of Justice (ECJ) is currently dealing with the storage of telephone data, Internet connections and IP addresses, as several lawsuits have been filed in this regard.
In addition, the Federal Constitutional Court has received complaints from data protection activists because they also see the storage as an encroachment on the fundamental rights of citizens and fear increasing surveillance. In this context, the ECJ should examine whether the associated German directive violates EU law.
How is the regulation on storage currently regulated?
Currently there is no concrete law. The Federal Government has incorporated the provisions of the law “on the introduction of a storage obligation and the maximum storage period for traffic data” into the Telecommunications Act (§§ 113 b – 113g TKG) and the Code of Criminal Procedure.
Traffic data here refers to the technical information that is generated in the respective telecommunications company (= provider) when using telephony or the Internet. Providers could, for example, store IP addresses, login data and calls here.
What exactly is stored?
To store this data, traffic data is recorded by providers that show exactly who communicated with each other at what time. This is connection data. This can include private or business calls, location data, IP addresses or communication processes via smartphone and telephone.
Although the contents of the conversations are not recorded, a large number of connection records are secured over months. This makes it possible to track which people are connected to each other and which channels they have used when crimes are committed.
If you look at the amount of traffic data stored, it becomes clear why the current discussions are so far reaching and why many critics in the guidelines fear surveillance.
Now get an overview of what connection data providers should store in the future:
When will public institutions be allowed to access traffic data?
In the event of a justified suspicion, connection data or traffic data may be accessed under a court order if the offenses are criminal acts such as murder, manslaughter, treason, abuse, falsification, robbery, fraud, extortion, drug trafficking, violations of weapons laws or serious cases of tax evasion and other constitutional violations.
The Federal Police, prosecutors, the Office for the Protection of the Constitution and the Federal Intelligence Service as well as military services and regulatory agencies have the right of access and implementation.
Curse or blessing?
Why the opinions regarding the storage of sensitive data differ so much, quickly becomes clearer if one considers the advantages and disadvantages of the stored data or a possible law.
Critics who call for the abolition of a directive on new data retention see incompatibility with human rights and the freedom of individuals. The fact is that data retention undermines the rights to informal self-determination, secrecy of telecommunications and confidentiality of communications.
In addition, there is a risk that trust between the Federal Government and the guarantors will dwindle if the communication processes of individuals are recorded without interruption. Constant monitoring turns the persons concerned into suspects, which can lead to frustration and distrust.
A very concrete danger exists in the area of IT security. Hackers could exploit security gaps and uncover the privacy of individuals or even endanger their security.
What should not be ignored are the additional costs that providers incur when they have to store all data. How high these could be, however, is not yet calculable.
The biggest argument in favor of a law with stored data is the clarification of more serious criminal offenses. In addition, controls would lead to greater security, since illegal activities could be stored and thus not be endlessly concealed.
The future of data retention?
In September 2019, data retention in Germany again became a case for the European Court of Justice (= ECJ). The Federal Administrative Court is calling for a ban on the storage of data without cause.
The background is two telecommunications service providers who had filed a lawsuit against data retention. A judgement is expected in a few months.
Overall, it remains to be seen how the ECJ will decide and what measures the Federal Constitutional Court will take in the future.
Even if possible laws and guidelines are currently still unclear, one thing is certain – data protectors, journalists, activists, politicians and other critics will continue to strongly oppose data retention in the future in order to ensure the freedom of individuals.
