Out-Law News 2 min. read
19 Jun 2015, 9:45 am
In a resolution adopted at a conference of Germany's data protection commissioners last week, concerns were raised about draft rules which would impose new requirements on telecoms companies to retain 'traffic data' relevant to communications and hand them over to Germany's law enforcement and security agencies.
According to an automated translation of the resolution, posted on the website of Germany's federal commissioner for data protection and freedom of information, the privacy watchdogs said the German government has not outlined why the retention of the data is necessary. They said that a ruling by the Court of Justice of the EU last year on previous EU data retention laws that applied had not been "fully taken into account". That CJEU judgment found that the Data Retention Directive disproportionately infringed on peoples' privacy rights.
Although the CJEU found that the retention of the data for the purposes of allowing law enforcement bodies to access the data to help detect and prevent serious crime "genuinely satisfies an objective of general interest", it identified failings with the drafting of the Directive.
It said provisions were too wide ranging in allowing personal data to be collected and retained even where "there is no evidence capable of suggesting that their conduct might have a link, even an indirect or remote one, with serious crime", and said there were insufficient controls and safeguards to limit law enforcement agencies' access to the data retained. The CJEU also criticised the Directive for allowing individual EU countries too much freedom to decide how long to require telecoms businesses in their country to retain the data for.
The German privacy watchdogs have raised similar complaints with the German government's data retention law plans. They said the government "has so far not sufficiently substantiated that the storing location and communication data is needed", and stressed that it was a requirement of the new law to differentiate between the data retention periods set and the possible uses of the different types of data collected, according to the resolution.
Concerns were also raised about a lack of definitions of "legal concepts" contained in the proposals and the watchdogs said the new rules, a period of time after being introduced, should be scrutinised by an independent body so that their effectiveness and their impact on fundamental rights is assessed and "legislative conclusions" can be drawn, it said.
Andrea Voßhoff, Germany's federal data protection commissioner, issued a separate opinion on the proposals. She said she had been given just 30 hours to scrutinise the government's data retention proposals and said this was "unacceptable" as the proposals concern "fundamental rights of citizens" and "core issues of data protection", according to an automated translation.
New data retention rules rushed into law in the UK last year following the CJEU's judgment is currently the subject of a legal challenge before the High Court in London.