Legal Report: German Data Retention Act not compatible with EU Law

According to a legal report of the Academic Office of the Bundestag (wissenschaftlicher Dienst des Bundestags), the German Data Retention Act is not compatible with EU law.

Backround

The German Data Retention Act came into force in 2015 and requires telecommunications companies to store traffic data for ten weeks and location data for four weeks (We reported on this). Telecommunications companies have to implement the requirements of the act until 1st July 2017.

The European Court of Justice (ECJ) has concretised the legal requirements for mass data retentions in its rulings Digital Rights Ireland (April 2014) and Tele2 Sverige vs. Postoch telestyrelsen (December 2016).

In the legal report, commissioned by the leftwing fraction, the Academic Office considers the German Data Retention law to be insufficient to fulfil these requirements as the storage is not limited to the purpose of fighting serious crime and is not constrained to a specific geographical area.

In addition, persons who are subjects to professional confidentiality, such as parliamentarians, doctors, lawyers or journalists, are not excluded from the application of the law, as required by the ECJ.

Opposition politicians appeal to the German Minister of Justice to withdraw the act, also in order to avoid that telecommunication companies spend their money unnecessarily by implementing the requirements of the German act.

Forecast

The legal report could give an outlook on the outcome of the current lawsuit before the German Constitutional Court. But even if the German Constitutional Court will dismiss the case, the possibility to file suit before the ECJ remains.