In January 2016, the German law on data retention came into effect to ‘strengthen’ the national cyber security mandate after the Bundestag (lower house of the German parliament) voted on the factor of data retention law.
The law allows ISPs to collect and retain metadata, which is like a digital footprint of who you called, where you are from, how long you called that person, etc. The data would be retained and available for government officials with a warrant.
Metadata retention in Germany: Timeline
In 2010, the Federal Constitutional Court (FCC) ruled that the 2006 EU Data Retention Directive (DRD) and Germany’s Implementation Act (which enacted DRD as national law) were invalid on the grounds of fundamental rights violations.
In 2014, the European Court of Justice ruled that web users’ data retention “without any distinction, restriction or exception” was indeed against fundamental human rights.
The next year, in April, German Justice Minister Heiko Mass drafted a new proposal for a data retention law to assist national security and address the issues in the data retention policy. After all, the FCC never ruled data retention unconstitutional; rather, the Data Implementation Act did not comply with the rights of secrecy of communication and informational self-determination.
The amendments in the new proposal included how long data would be stored, excluding e-mail traffic. Access to such data would require a judicial order. SMS content, the timestamp of webpage access, and the IP address would be stored for ten weeks, and phone calls would be stored for four weeks.
In June 2015, the SPD (Social Democrats) approved the proposal and legislation and moved them forward for parliament’s discussion.
In October 2015, The Bundestag (lower house) passed the bill with a majority of 404 votes in favor of the data retention law.
Between 2015 and January 2016, the Bundesrat (upper house) passed the bill and moved it forward for the President to sign or send to Germany’s constitutional court for review to check compliance with the fundamental law of Germany.
German metadata retention: Opposition
Civil liberties organizations have opposed this similar law, arguing that it will undermine people’s privacy and instill a false sense of security. Here’s a closer look at the opposition from the groups:
- The Free Democratic Party (FDP) could legally challenge the data retention law before Constitutional Court judges. They argue that the law would not protect citizens’ privacy with professional secrets, which is a guarantee under EU law.
- European single market regulations might be exploited because of data retention law, which might provide Germany an unfair advantage over other countries if it forces organizations to use German servers for easy access.
- It is unclear what will happen if a ‘digital footprint’ raises suspicion. Would the data be used for digital surveillance or a phone wire warrant issue?
How to protect yourself from German metadata retention
You can encrypt your metadata by following security measures to prevent ISPs and Telecommunication providers from tapping on sensitive information. You can follow our guide on how to prevent metadata retention.
Share this article
About the Author
Rebecca James is an IT consultant with forward thinking approach toward developing IT infrastructures of SMEs. She writes to engage with individuals and raise awareness of digital security, privacy, and better IT infrastructure.
More from Rebecca JamesRelated Posts
Data Retention Law in United States
Mandatory Data Retention Law in the United States is not implemented. However, according to the law ...
European Union MetaData Rentention Law
In 2006, the European Union passed the Data Retention Directive (DRD), which is considered an extrus...
Review of the Mandatory Data Retention Law
KEY TAKEAWAYS Mandatory Data Retention Law is against every user’s privacy, as it allows ISPs ...
How to Protect Yourself from MetaData Retention
KEY TAKEAWAYS The extremely invasive Investigatory Powers Act in the UK and Congress’s vote to...
Surveillance practices in Canada, Facing Criticism
With the revelation that the Canadian Revenue Agency (CRA) regularly supervises social networking si...
What is Australia Data Retention Law? How to Protect Yourself
The countdown for ‘intrusive data surveillance’ has expired after the 18-month deadline. From this d...