Mandatory Data Retention Law in Germany

Last updated: December 19, 2024

In January 2016, the German law on data retention came into effect to ‘strengthen’ the national cyber security mandate after the Bundestag (lower house of the German parliament) voted in favor of the data retention law.

The law allows ISPs to collect and retain metadata, which is like a digital footprint of who you called, where you are from, how long you called that person, etc. The data would be retained and made available to government officials with a warrant.

Metadata retention in Germany: Timeline

In 2010, the Federal Constitutional Court (FCC) ruled that the 2006 EU Data Retention Directive (DRD) and Germany’s Implementation Act (which enacted DRD as national law) were invalid on the grounds of fundamental rights violations.

In 2014, the European Court of Justice ruled that retaining web users’ data “without any distinction, restriction or exception” was indeed against fundamental human rights.

The next year, in April, German Justice Minister Heiko Maas drafted a new proposal for a data retention law to assist national security and address the issues in the data retention policy. After all, the FCC never ruled data retention unconstitutional; rather, it found that the Data Implementation Act did not comply with the rights of secrecy of communication and informational self-determination.

The amendments in the new proposal included how long data would be stored, excluding e-mail traffic. Access to such data would require a judicial order. SMS content, the timestamp of webpage access, and the IP address would be stored for ten weeks, and phone calls would be stored for four weeks.

In June 2015, the SPD (Social Democrats) approved the proposal and legislation and moved them forward for parliament’s discussion.

In October 2015, the Bundestag (lower house) passed the bill with a majority of 404 votes in favor of the data retention law.

Between 2015 and January 2016, the Bundesrat (upper house) passed the bill and moved it forward for the President to sign or send to Germany’s constitutional court for review to check compliance with the fundamental law of Germany.

German metadata retention: Opposition

Civil liberties organizations have opposed this law, arguing that it will undermine people’s privacy and instill a false sense of security. Here’s a closer look at the opposition from the groups:

  • The Free Democratic Party (FDP) could legally challenge the data retention law before Constitutional Court judges. They argue that the law would not protect citizens’ privacy regarding professional secrets, which is a guarantee under EU law.
  • European single market regulations might be exploited because of the data retention law, which might give Germany an unfair advantage over other countries if it forces organizations to use German servers for easy access.
  • It is unclear what will happen if a ‘digital footprint’ raises suspicion. Would the data be used for digital surveillance or for issuing a phone wiretap warrant?

How to protect yourself from German metadata retention

You can encrypt your metadata by following security measures to prevent ISPs and telecommunication providers from tapping into sensitive information. You can follow our guide on how to prevent metadata retention.

About the Author

Rebecca James is an IT consultant with a forward-thinking approach toward developing the IT infrastructures of SMEs. She writes to engage with individuals and raise awareness of digital security, privacy, and better IT infrastructure.