With their proposal to reintroduce data retention in Germany, Justice Minister Heiko Maas and Interior Minister Thomas de Maizière are planning a new law that opposition parties say is simply a scheme to “relabel” existing legislation. EurActiv Germany reports.
The proposal, which was submitted on Wednesday (15 April) in Berlin, sets a retention period for internet and telephone data limiting storage to ten weeks. This would be a maximum retention period, requiring collected data to be erased after expiration. If the provider fails to comply with the deletion requirement, the provision would penalise it with a fine. For location information, on the other hand, the retention period would only be four weeks.
“To maintain the balance between freedom and security in the digital world, we are setting clear and transparent rules on maximum retention periods for traffic data,” Justice Minister Heiko Maas explained. “Our guidelines combine restrictive time and content-related retention periods with very strict retrieval regulations.”
Data retention is highly controversial, and has often been in the headlines in Germany over the past few years. First, the country’s law on data retention did not survive a case before the Federal Constitutional Court, and then in April 2014 an EU Directive was declared invalid by the European Court of Justice. Shortly thereafter, national laws in Austria, Slovakia and Romania were overturned. In March, national regulations on groundless collection of communication data from all telephone and internet users were lifted in Bulgaria and the Netherlands.
More recently, the attack on the Paris-based satire magazine Charlie Hebdo increased calls for more intensive data surveillance.
Retention of communications data is more necessary than ever to combat terrorism, Germany’s centre-right alliance argued.
While Interior Minister Thomas de Maizière (CDU) called for the temporary retention of communications data to aid criminal investigations, Maas, who hails from the Social Democratic Party (SPD) has long been against such measures.
But Maas called the most recent negotiations with the Interior Minister “constructive”.
“We are bringing the goals of fighting crime in harmony with high data protection standards,” the Justice Minister said. “We are complying with the Constitutional Court’s and the European Court of Justice’s conditions.”
Data retention would only be allowed within very strict boundaries, according to the ministers’ guidelines. Storage of communication content would not be allowed in any form. Generating personal and movement-related profiles is also not permitted in the proposal, and the entire email sphere is off limits for data retention.
The Green Party criticised the “clear attempt at relabelling” data retention as a minimum and maximum retention period for being “silly and already failed”.
Konstantin von Notz, the party’s deputy faction chairman, and Katja Keul, spokeswoman for legal policy explained, “So-called minimum and maximum retention periods are also nothing but groundless large-scale surveillance of telecommunication traffic data from all German citizens and an unparalleled attack on our fundamental rights.”
Jan Korte, deputy chairman of the Left Party faction, said, “The coalition still wants to groundlessly store all location and telephone data from the entire population; nothing about that will change. And still no one has proven the necessity, not to mention the usefulness, of data retention.”
The liberal Free Democratic Party (FDP) also views data retention as a violation of fundamental rights and unnecessary.
“Today is a black day for freedom in Germany,” said FDP leader Christian Lindner.
The party’s second-in-charge Wolfgang Kubicki said, “If the grand coalition’s plans are implemented, I will file a complaint against this law – in my function as a lawyer and as an MP. We should not let minimum standards of the rule of law be bought from us like that.”
“Even if Justice Minister Maas is taking care to furnish the plan with a thick layer of constitutional cosmetics, it remains groundless retention of particularly sensitive person-related data,” said Volker Tripp, political advisor at the association Digitale Gesellschaft (“digital society”).
In Berlin, Maas preemptively addressed anticipated criticism. “Many will feel our compromise does not go far enough,” he pointed out, “because it is not old data retention as the security politicians want it. Others, such as network politicians, will feel it goes too far. That shows these guidelines are a balanced middle road.”
But criticism also came from the SPD, which belongs to the governing grand coalition. The party’s faction spokesman for network policy, Lars Klingbeil, predicted that changes would be made during the parliamentary process.
“The proposals that have been presented are just guidelines to start and I assume that changes could still be made during the parliamentary process,” Klingbeil told the Tagesspiegel.
He said he recognises that the two ministers have submitted a package that is far removed from the original plans for data retention.
“But it still does not convince someone like me, who fundamentally questions this instrument,” Klingbeil explained. “I still have considerable doubts that groundless and comprehensive retention would stand before the Constitutional Court.”
The Data Retention Directive was adopted in November 2006 following the Madrid terrorist train bombings in 2004 and the public transport bombings in London, in 2005. These resulted in a text which gave room for different applications at national level and which did not guarantee a sufficient level of harmonisation.
Data protection and privacy in electronic communications are also governed by the E-privacy Directive, which dates back to 2002, although it was slightly revised in 2009.
Germany, however, is still overshadowed by apprehension towards government monitoring, due to the heavy surveillance of citizens practised in the communist German Democratic Republic (GDR) and under Hitler's Nazis.
Germany and Belgium were taken to court by the EU, after refusing to implement the 2006 Data Retention Directive. The measure was overturned in April 2014.