German Constitutional Court Suspends European Data Retention Law

The German Constitutional Court (Court) has suspended the implementation of a European Union Data Retention Directive (EU Directive) because it violates citizens’ rights to private correspondence and privacy. Approved in 2006, the EU Directive required member countries to pass laws directing phone and Internet providers to retain customer communication data for a minimum of six months for possible later use by law enforcement agencies. In 2008, after amendments to the German Telecommunications Act were passed to implement the EU Directive, about 35,000 Germans filed complaints with the Court. The Court ruled that the law violated citizens’ rights to private correspondence and citizens’ privacy rights and held that the storage of data was not properly secured. Secondly, the possible uses of data by law enforcement were unclear and overbroad. The Court held that the German law went beyond the EU Directive, because the data could be used for purposes other than criminality, such as for intelligence-gathering purposes. The Court did not rule that the German law was unconstitutional. Instead, the Court suspended the effect of the statute until the government makes amendments to provide greater data security and clearly limit the use of the data. For further information, visit: http://tinyurl.com/ykn3dv8; and http://www.spiegel.de/international/germany/0,1518,681251,00.html For the reasons for judgment (in German) of the Federal Constitutional Court, 1 BvR 256/08, see: http://tinyurl.com/yalxoar Summary by: Lauren Lodenquai