In the wake of the attack on Charlie Hebdo, calls for more intensive data surveillance to fight terror are gaining strength. But in France, data retention was neither able to prevent nor illuminate the attacks. EurActiv Germany reports.
“Do we really want to protect data from terrorists and criminals? Or do we want to protect the citizens of Germany?” asked internal affairs representative from the Bavarian Christian Social Union (CSU) Hans-Peter Uhl.
Germany’s governing grand coalition is again in a heated debate over data retention, this time rekindled by the conservative CSU party.
Only one day after the deadly attack on the Paris-based satirical newspaper Charlie Hebdo, the party called for reintroducing data retention, which remains a controversial subject in Germany.
Over the weekend, German Internal Affairs Minister Thomas de Maizière moved to back Uhl’s demands.
The proposal is not new and is not a reaction to the tragedy, the centre-right politician from the CSU’s larger sister party the Christian Democratic Union (CDU) said at a CSU meeting in Bavaria’s Wildbad Kreuth. But these and other measures are considered necessary from a security policy perspective, particularly after the attack in Paris, de Maizière indicated.
“The incident underlines the urgency,” he said. “We must look further into these measures,” the Minister commented.
But opposition to the data retention initiative is coming from all sides. Justice Minister Heiko Maas from the Social Democratic Party (SPD) had planned to introduce a legislative package within the month of January, with which the government could launch a stronger offensive against terrorists, such as a ban on donations for terrorist organisations. But Maas continues to reject data retention.
“With data retention, we also store all data from journalists and restrict freedom of the press. That does not fit together,” Maas said on the television broadcaster ARD.
SPD Secretary General Yasmin Fahimi warned “against sudden, irrational, political acts”. Germany already adapted its security architecture after the 9/11 attacks, she said in Friday’s (9 January) edition of the Passauer Neue Presse.
“Our police forces and our security authorities are very well equipped for the fight against terrorism. At the same time we know that absolute security cannot exist in a free society,” Fahimi explained.
But voices against data retention can also be heard within the Chancellor’s CDU. MEP Elmar Brok warned against a race toward sharper security laws. “We must prevent ever higher bids,” he said, “with something of that nature we are only running into the double-edged sword of radical Islamists and Pegida as well as of these right-wing parties.”
New EU Directive with low chances
With a landmark ruling on 8 April 2014, the European Court of Justice (ECJ) lifted the EU’s Data Retention Directive. According to the EU high court, the rules violated the Union’s Charter of Fundamental Rights which includes a right to privacy.
In its legal opinion on the ruling, the European Parliament’s (EP) Legal Service said it considered all data retention to be incompatible with European Fundamental Rights. The paper indicated that this also applied to the EU’s PNR Directive or the “Smart Borders Package”.
The legal specialists made it clear that by relying on the European Court of Human Rights, the ECJ’s criteria for general surveillance programmes, in which groundless surveillance occurs without initial suspicion, are extremely narrow.
The Data Retention Directive was far beyond that, particularly with regard to the proportionality principle. The EP’s Legal Service said this also applied to the Commission’s proposal, already rejected once by the EP, for groundless surveillance of Passenger Name Records (PNR) or non-stop surveillance of entry and exit at EU external borders (“Smart Borders”).
According to the assessment, EU member states must now evaluate their national data retention laws, extensively lifting the vast majority of them. If they do not do this, the European Commission is required to initiate infringement proceedings in cases of doubt, the EP’s experts indicated.
De Maizière himself is aware that data retention is a violation of the Fundamental Rights and for this reason is calling for a constitutional regulation that conforms with EU law. “But to do this, we must organise majorities. And we are working on this,” he said.
“Political din” from Germany’s centre-right
In France, providers are required to store user data and passwords for twelve months. This is one of the reasons why the Working Group on Data Retention, a collection of civil rights activists, data protectionists and internet users, considers the proposals from politicians in Germany’s coalition to be an expression of populism.
“Data retention in France neither prevented the attacks, nor did it significantly lead to capturing the perpetrators. The forgotten ID of one of the assassins found in the getaway car was much more helpful in leading police to the perpetrators,” explained Ute Elisabeth Gabelmann from the Working Group on Data Retention.
“The discussion on data retention is just a political din,” said Gabelmann’s colleague, lawyer Meinhard Starostik. “A pig is being driven through the village and the parties are trying to improve their profiles.” The pool of collected and stored data is already large enough; security authorities have learned to access it and analyse it, Starostik continued.
While the grand coalition and the Federal Cabinet continue to debate a clear position on data retention, they do agree on planned collection and analysis of European PNR data.
In the wake of Islamist terror attacks in France, EU internal affairs ministers are hoping to facilitate the exchange of PNR flight passenger data. At a meeting on Sunday (11 January) in Paris, they agreed to “seek a compromise” with the EP, said a spokesman from the German Internal Affairs Ministry on Monday (12 January) in Berlin.
Green MEP Jan Philipp Albrecht described the ministers’ initiative as “dangerous symbolic policy”, that plays into the hands of terrorists.
“Calls for groundless data retention,” Albrecht said, “distract from a real improvement of the security situation and leads citizens to believe in an ostensible state of security – at the cost of their fundamental freedoms.”
Data retention refers to the storage of traffic and location data resulting from electronic communications.
The main legislative instrument at EU level governing this field was the Data Retention Directive, which was adopted in November 2006 following the Madrid terrorist train bombings in 2004 and the public transport bombings in London in 2005.These resulted in a text which gave room for different applications at national level and which did not guarantee a sufficient level of harmonisation.
Data protection and privacy in electronic communications are also governed by the E-privacy Directive, which dates back to 2002, although it has been slightly revised in 2009.
Germany, however, is still overshadowed by apprehension toward government monitoring, due to the heavy surveillance of citizens practised in the communist German Democratic Republic (GDR) and under Hitler's Nazis.
Germany and Belgium were taken to court by the EU, after refusing to implement the 2006 Data Retention Directive. The measure was overturned in April 2014.
- EurActiv France: La polémique sur la conservation des données repart en Allemagne