EU court rules against customers' data collection law in Germany

German firms Telekom Deutschland and SpaceNet have challenged the law that obliged telecoms firms to retain customers' traffic and location data for several weeks to fight serious crime.

The ECJ says the German legislation - which required traffic data to be retained for 10 weeks, and location for four - applies to a "very broad set" of information.
Reuters Archive

The ECJ says the German legislation - which required traffic data to be retained for 10 weeks, and location for four - applies to a "very broad set" of information.

A German law requiring telecoms companies to retain customer data is a breach of EU legislation, a European court has ruled, prompting the justice minister to vow an overhaul of the rules.

Firms Telekom Deutschland and SpaceNet took action in the German courts challenging the law that obliged telecoms firms to retain customers' traffic and location data for several weeks to fight serious crime.

The case headed to the European Court of Justice (ECJ) in Luxembourg, which ruled against the German legislation on Tuesday.

"EU law precludes the general and indiscriminate retention of traffic and location data," the court said in a statement, confirming its previous judgements on the issue.

The Federal Administrative Court, one of Germany's top courts, had argued there was a limited possibility of conclusions being drawn about people's private lives from the data, and sufficient safeguards were in place.

But the ECJ said the German legislation - which required traffic data to be retained for 10 weeks, and location for four - applies to a "very broad set" of information.

It "may allow very precise conclusions to be drawn concerning the private lives of the persons whose data are retained... and, in particular, enable a profile of those persons to be established."

READ MORE: Why Google's new contract with Israel is 'unethical' and worrisome

Data privacy, a sensitive issue

The stated aim of the law was to prosecute serious criminal offences or hinder specific risks to national security, but the court said that such measures were not permitted on a "preventative basis".

However, it said that in cases where an EU state faces a "serious threat to national security" that is "genuine and present", telecoms providers can be ordered to retain data.

Such an instruction must be subject to review and can only be in place for a period deemed necessary.

Following the announcement, Justice Minister Marco Buschmann hailed a "good day for civil rights".

"We will now, swiftly and definitively, remove data retention without cause from the law," the minister wrote on Twitter.

Data privacy is a sensitive issue in Germany, where people faced mass surveillance under the Nazi regime as well as in communist East Germany.

Buschmann is from the liberal FDP party, which has made data protection a key plank of its policies.

READ MORE: EU probes signs of Pegasus spyware use on top official phones

Route 6