Metadata Retention Law in Germany

Last updated: April 16, 2024 Reading time: 3 minutes
DAST vs. Endpoint Detection and Response for Web Application Security

In 2010, one of the German courts declared the German mandatory data retention law unconstitutional after strong opposition. Later, the European Commission issued Germany’s ultimatum to transpose the Data Retention Directive. And in January 2016, the German law on data retention came into effect to ‘strengthen’ the national cyber security mandate after the Bundestag (lower house of the German parliament) voted on the factor of data retention law.

Metadata is like a digital footprint of who you called, where you are from, and for how long you call that person, etc. Where messages are retained in full, and the data would be retained that would be available for government officials with a warrant.

Metadata Retention in Germany: Timeline

In 2010, Federal Constitutional Court (FCC) ruled the old 2006 EU’s Data Retention Directive (DRD) and Germany’s Implementation Act (which enacted DRD as national law) as invalid on the grounds of fundamental rights violation.

In 2014, the European Court of Justice ruled that the data retention of web users “without any distinction, restriction or exception” was indeed against fundamental human rights.