Germany moves closer to data retention

Germany's lower house has signed off on an updated data-retention Bill, with customer data to be stored for 10 weeks by telcos and ISPs, accessible by a warrant.
Written by Corinne Reichert, Contributor on

The lower house of Parliament in Germany has voted in favour of implementing mandatory data retention, which would see citizens' phone and internet metadata stored for 10 weeks by service providers.

The Bundestag on Friday passed the law by 404 votes in favour and 148 against, according to German publication Spiegel, with German Chancellor Angela Merkel's conservative party (CDU) and the Social Democrats (SPD) passing the law, while the Left and Greens parties fought against it.

Customer data will be stored for a period of 10 weeks under the refreshed laws, with phone numbers, duration of calls, and IP addresses to be kept. Location data for mobile phone calls will also reportedly be kept for four weeks, while Süddeutsche Zeitung reported that under a technicality, SMS content will be retained for 10 weeks.

Under the proposed legislation, which was approved by the SPD in June, telecommunications carriers and internet service providers (ISPs) would store the data, with investigators to obtain access through obtaining a warrant from the judicial system.

Merkel, like her counterparts worldwide, argued that data retention is a necessary counter-terrorism measure.

"We must keep open -- in view of the current threats -- this option to backtrack through communications," Merkel said in June.

"I would feel more secure if we had such a law."

The data-retention law has yet to pass the upper house of Parliament, the Bundesrat.

Germany had previously collected data and stored it for a period of six months in accordance with a European Union (EU) directive in 2006 mandating that telecommunications operators retain all customer communications data for up to two years, until the Federal Constitutional Court of Germany ruled data retention to be unconstitutional in March 2010.

This was followed in April 2014 by the European Court of Justice (ECJ) also ruling against the EU directive, as it "interferes in a particularly serious manner with the fundamental rights to respect for private life and to the protection of personal data".

The United Kingdom High Court similarly struck down its rushed data-retention legislation in July, ruling various elements of it to be unlawful, as it was incompatible with the rights to privacy and the protection of personal data under the EU Charter of Fundamental Rights.

The UK's Data Retention and Investigatory Powers Act 2014 was passed as emergency stop-gap legislation in order to fill the void after the 2014 ECJ ruling.

Under the UK legislation, all ISPs and telcos were to retain customer communications data -- including the time and duration of a communication, phone numbers, and email addresses involved in the communication, and location data -- for a period of one year, and granted access to police and intelligence agencies without the need for a warrant.

Meanwhile, Australia's warrantless data-retention legislation, passed by the government in March, came into effect last week.

Australia's Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015 will see customers' call records, location information, IP addresses, billing information, and other data stored for two years, also accessible without a warrant by law-enforcement agencies.

The legislation was passed by both of Australia's major parties, with only the Greens and several independent parties objecting, passing the upper house of Parliament 43 to 16.

In July, however, the opposition Labor party called for a review of the legislation despite helping to pass it, saying the retention period, cost, and provision of warrantless access all need to be revisited.

At the 2015 ALP National Conference, the party passed an amendment to its Draft National Platform to include a review of the law, saying it creates "a culture of fear" and invades the privacy of Australian citizens.

"These laws help create a culture of fear, a culture where we are all under suspicion and subject to heightened mass surveillance," New South Wales Labor MP Jo Haylen said.

"The challenge for lawmakers is to strike the right balance ... between privacy and security, between transparency and strength, and between the power of government and the rights of citizens. The government's data-retention laws do not strike the right balance, and neither does Labor's support of these laws."

Greens communications spokesperson Senator Scott Ludlam, who had historically fought against data retention, said it was "too late" for Labor to oppose the legislation, however.

"Too late to try and reinvent ‪data-retention history, Labor," Ludlam said. "You already voted for it."

Electronic Frontiers Australia (EFA) has also previously called for amendments to the legislation to shorten the "unjustifiably long" two-year retention period, while other critics have argued that the data retained under the legislation will be a "honey pot" for would-be hackers.

Editorial standards