Metadata Retention Law in Germany

Last updated: April 16, 2024 Reading time: 3 minutes
DAST vs. Endpoint Detection and Response for Web Application Security

In 2010, one of the German courts declared the German mandatory data retention law unconstitutional after strong opposition. Later, the European Commission issued Germany’s ultimatum to transpose the Data Retention Directive. And in January 2016, the German law on data retention came into effect to ‘strengthen’ the national cyber security mandate after the Bundestag (lower house of the German parliament) voted on the factor of data retention law.

Metadata is like a digital footprint of who you called, where you are from, and for how long you call that person, etc. Where messages are retained in full, and the data would be retained that would be available for government officials with a warrant.

Metadata Retention in Germany: Timeline

In 2010, Federal Constitutional Court (FCC) ruled the old 2006 EU’s Data Retention Directive (DRD) and Germany’s Implementation Act (which enacted DRD as national law) as invalid on the grounds of fundamental rights violation.

In 2014, the European Court of Justice ruled that the data retention of web users “without any distinction, restriction or exception” was indeed against fundamental human rights.

In April 2015, German Justice Minister Heiko Mass drafted a new proposal for a data retention law to assist national security and address the issues in the data retention policy. After all, FCC never ruled data retention as unconstitutional rather;, the Data Implementation Act did not comply with the rights of secrecy of communication and informational self-determination.

The amendments in the new proposal included how long data would be stored, excluding e-mail traffic, and access to such data would require a judicial order. SMS content, timestamp of webpage access, and IP address would be stored for ten weeks, and the phone calls would be stored for four weeks.

In June 2015, the political party SPD (Social Democrats) approved the proposal and the legislation and moved it forward for the parliament discussion.

In October 2015, The Bundestag (lower house) passed the bill with a majority of 404 votes in favor of the data retention law.

In between 2015 and January 2016, The Bundesrat (upper house) passed the bill and moved it forward for the consideration of the President to sign or send it in Germany’s constitutional court for review to check compliance with the fundamental law of Germany.

German Metadata Retention: Opposition

Civil liberties organizations have opposed this similar law arguing that it will undermine people’s privacy and instill a false sense of security. Here’s a closer look at the opposition from the groups:

  • Free Democratic Party (FDP) could legally challenge the data retention law before constitutional court judges. They argue that the data retention law would not protect the privacy of citizens with professional secrets, which is a guarantee under EU law.
  • European single market regulations might get exploited because of data retention law, as it might provide Germany an unfair advantage over other countries if it forces organizations to use German servers for easy access.
  • What will happen if a ‘digital footprint’ raises suspicion is unclear. Would the data be used for digital surveillance or phone wire warrant issue?

How to Protect From German Metadata Retention

You can encrypt your metadata by following security measures to prevent ISPs and Telecommunication providers from tapping on your sensitive information. You can follow our guide on How To Prevent Metadata Retention.

Share this article

About the Author

Rebecca James is an IT consultant with forward thinking approach toward developing IT infrastructures of SMEs. She writes to engage with individuals and raise awareness of digital security, privacy, and better IT infrastructure.

More from Rebecca James

Related Posts