Lawmakers Urged to Heed Court in Crafting Data Storage Rules
Germany’s highest court will hear a suit challenging the nation’s telecommunications traffic data storage regime. The suit claims 2004 Telecom Act provisions ordering data held for police purposes are disproportionate and violate citizens’ constitutional rights. Unless lawmakers about to legislate an EU data retention directive into national law weigh this suit’s outcome and an earlier Federal Constitutional Court decision, they risk seeing the measure voided, Bingham telecom attorney Axel Spies said Tues.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
In a July 11 resolution, the court said it will examine several parts of the telecom act, Spies said. Two involve categories of data German service providers may retain, such as copies of national identity cards. Other parts cover the data that carriers and service providers must turn over at law enforcement agencies’ request. In particular, Spies said, Sec. 112 provides for an “automatic” procedure letting police agencies “pull” the data, and Sec. 113 describes when and how telcos and ISPs must search data manually, and who may request the information. The court also will look into procedures authorities must follow to obtain the data.
Parliament hasn’t adopted the data retention directive into national law, “but whatever the outcome is, it is likely that someone will lodge a complaint against it,” Spies said. Last year, the high court threw out a state law allowing preemptive surveillance of phone calls, faxes and e-mails, setting narrow conditions on police seeking to eavesdrop. The Lower Saxony measure had authorized law enforcement bodies to listen in on citizens, and to process cellphone, e- mail and SMS traffic and location data even when no crime was suspected. “If German lawmakers don’t take this narrow interpretation of the highest court into due consideration, there’s a good chance the data retention law will be overruled,” Spies said. Similarly, he said, whatever the new suit’s result, it likely will affect the legislative proceedings.
Denmark recently published a draft administrative order on data retention, European Digital Rights (EDRI) reported. The document, implementing data retention provisions of the country’s 2002 anti-terror law, is under review until Aug. 10 by telcos, business groups, nongovernmental organizations and public authorities.
The proposal by the Ministries of Justice and Science & Technology is more limited than earlier versions, EDRI said. If enacted, it would implement part of the EU data directive “but it is more invasive, since it includes Internet session data,” EDRI said. The proposal calls for a one-year storage period for data generated or processed in a commercial ISP’s existing system, not limited to material held for billing purposes. ISPs wouldn’t have to invest in new equipment, EDRI said.
Reaction among telcos, ISPs and others isn’t clear, EDRi said. So far, the telecom industry seems willing to accept it “without much outcry” because the draft responds to many criticisms it levelled earlier. Besides, “many see it as a lost cause, given the legal anti-terrorism provision adopted in Denmark back in 2002,” EDRI said.
Spain soon should have a data retention proposal, European Internet Services Providers’ Assn. Regulatory Affairs Mgr. Richard Nash said: “Otherwise, it’s quiet at the moment, but I'm sure that won’t be for long.”
Ireland and Slovakia have challenged the data retention directive, claiming it was adopted under the wrong legal basis.