The return of a legal requirement on data retention remains a controversial issue in the EU. The British civil rights organization Statewatch has now published the positions of seven member states, including Germany. The majority of them are therefore for a new legal obligation in the entire community for telecommunication companies, connection and location data to log again comprehensively and only more or less specifically.
In addition to Germany, the Strong neighbors Luxembourg and the Netherlands as well as Sweden and Hungary. It was already known that the old federal government is advocating increased data retention. She wants, for example, that “over-the-top” providers such as WhatsApp, Facebook Messenger, Signal and Threema will also be covered by the “general and indiscriminate” storage requirements. It is also necessary “not only to save the IP address, but also the time stamp and, where relevant, the assigned port number”.
Limiting data retention to a specific geographic area would be “not particularly useful in view of the mobility of suspects,” writes the federal government in their recently published submission to the EU Commission. From a legal point of view, the question also arises how a targeted logging of user traces could be carried out “without discriminating against certain groups of people”. In addition, this approach would be “hardly technically feasible”.
In this respect, the local executive attaches particular importance to the imminent decision of the European Court of Justice (ECJ) on the existing but de facto suspended law on data retention. The data categories concerned and the duration of their retention are already limited therein.
Possible violation of European fundamental rights
The European Court of Justice Advocate General Manuel Campos Sánchez-Bordona nevertheless assumes that the German requirement violates fundamental European rights. The future traffic light coalition wants to make the rules for data retention “legally secure” and based on the occasion, which is likely to result in the “quick freeze” rejected by the previous government.
In its response to the survey launched by the Commission in June, Hungary also supports a general and indiscriminate storage of traffic data among the member states. The EU is only allowed to issue very general regulations here, since internal security is a matter for the nation states. The government in Budapest does not consider a targeted approach to be effective; the “freezing” of telephone and Internet data is at best an “additional instrument”. A data retention of only IP addresses is insufficient.
The Netherlands are in favor of an EU solution, also in the form of a law. They are of the opinion that a targeted measure limited to IP addresses would encounter major technical hurdles and may not be feasible at all. The government in The Hague also welcomes the provision of participant information such as inventory data, but considers this alone to be insufficient.
Sweden and Denmark made similar statements, with the latter criticizing the case law of the European Court of Justice as an obstacle to effective law enforcement and the work of the secret services. Luxembourg did not comment on specific approaches, but for EU legislation is in line with the line of the ECJ judges based in the same country.
Finland was the only one of the seven states to emphasize that there should be no general and indiscriminate data retention. The principle of strict necessity should be observed, and suitable protective measures should be provided. Thirteen other EU countries such as Belgium, the Czech Republic, France, Italy, Poland, Portugal and Spain also answered the Commission’s questions. However, they refused to release the relevant documents in response to Statewatch’s request for freedom of information. They justify the secrecy with the protection of public security.