23.01.2021
unizeit Schriftzug

EU sets limits to data snooping

The retention of data is prohibited. This was decided by the European Court of Justice (ECJ) last October. However, the decision still provides some room for manoeuvre, as the highest judicial body of the EU allows for certain exceptions.

Futuristisch anmutender Serverraum
© iStock/imaginima

Simply storing telecommunications and Internet data for months or years on end as security agencies might find this data useful for future investigations one day. This is what is referred to as retention of data without occasion, which leads time and again to disputes between the different EU member states. In this case, according to Susanne Lilian Gössl, Professor of Civil Law and Digitalisation in German, foreign and international private law, as many as three national courts have called on the ECJ. The British, French and Belgian courts all wanted to clarify if and to what extent the retention of data can be permitted.

In order to explain judicial questions such as this one to an interested audience that does not consist of legal experts, Professor Gössl and her team keep a blog, in which they provide a concise and comprehensible summary of the issue at hand. In this case, it is also only one sentence that summarises the potential problem if the state would require Deutsche Telekom and the like to hand out traffic data: "This would also involve connection data of innocent citizens who are not suspected of anything." (If it only referred to data of people who are associated with criminal offences for good reasons, this procedure would hardly be problematic.) And this is exactly the reason why the ECJ, which is based in Luxembourg, decided that a general and indiscriminate retention of connection data is in principle prohibited.

"However, exceptions are possible," as Susanne Gössl pointed out with regard to an important addendum to the decision. The retention of data is allowed in the case of a "serious threat to national security that proves to be genuine and present or foreseeable". Nevertheless, this must be limited in time and in compliance with the principle of proportionality. In addition, such procedure must always be subject to review by a court, as it will always contradict the right to informational self-determination, according to the professor from Kiel University as well as many other legal experts.

At the same time, the aspect of national security is so strongly emphasised for good reason. "This is a sensitive subject," explained Professor Gössl and points out that EU policy makers try to avoid the highly sensitive allegation that they predefine what member states should perceive as a threat. However, the legal expert does not believe that the back door for exceptions will be left wide open. When looking at the issue from a civil society perspective, she considers the fact to be quite reassuring that these exceptions must be approved by a court as well as the EU principle that in case of doubt, the interests of citizens take precedence over those of the investigating authorities.

While the current situation in Germany is not affected by the ruling from Luxembourg, German political decision-makers also struggle with data retention issues. Germany’s Federal Constitutional Court rejected a highly comprehensive ruling in 2010. And even the subsequent reform, which provided the authorities with more restricted scope, was so controversial, according to Gössl, that it has since been de facto repealed. It is precisely for this reason that the ECJ has yet to rule on a submission by the German Federal Administrative Court on the legal admissibility of data retention; this may also lead to a general ban of data retention with the exception of clearly defined instances.

These decisions aside, data evaluation as an instrument could actually be overrated, according to Susanne Gössl. As revealed by a study carried out by the Max Planck Institute for International Criminal Law, the crime clearance rate with the help of data retention is just 0.1 percent higher than without data retention. The professor suspects that, on the one hand, this is due to the fact that investigating authorities find out a lot even without access to traffic data, and on the other hand, to the criminal or terrorist counterparts also being technologically savvy: "They certainly won’t be communicating via WhatsApp."

Autor: Martin Geist

Digital Law blog: www.blogs.uni-kiel.de/digitallaw

SEA-EU: European University of the Seas
Partner university of top-class sport
System Accredited Accreditation Council
EMAS Audited Environmental Management DE-140-00069
HR Excellence in Research
Certificate since 2002: audit family-friendly university
HRK Audit Internationalisation of Higher Education 2012/13 logo
Creating diversity: Diversity Audit of the Stifterverband - Certificate 2023
University Network Education by Responsibility
electronics watch: Responsible public procurement. Labour rights in the electrical industry
German Universities open to the World against Racism and Chauvinism
Charter of Diversity: For diversity in the world of work (signed)
Logo: Genuine Diversity: Action Plan for the Acceptance of Diverse Sexual Identities Schleswig-Holstein