Digital Rights Ireland

Why German data retention decision means Irish Bill should be scrapped

Karlin Lillington writes in today’s Irish Times about the German decision striking down data retention law as a breach of privacy and what it means for the Data Retention Bill currently before the Oireachtas. Here’s an excerpt:

ANALYSIS: Data retention proposals about to become law here have been declared an invasion of privacy in Germany. Government please take note

IF THE Government fails to reconsider the terms of its Data Retention Bill, currently in its final stages before the Houses of the Oireachtas, it is likely to find that costly court challenges and a forced reworking of the legislation lie ahead.

The Retention of Data Bill 2009 seeks the overdue implementation of an EU directive on data retention (storage of call data for two years and internet-use data for one year, for everyone in the country, including children). It is the tail-end of a long process in which the right to privacy has been pitted against the needs of law enforcement to have access to records for criminal investigations.

Even as the Bill passed a Dáil vote that cements in its current provisions, there are signs that all is not well on the European front for national data retention legislation.

On Tuesday, in a significant finding, the German constitutional court threw out Germany’s existing data retention laws for a range of reasons, many of which have direct application to Ireland.

The German court echoed precisely the concerns expressed by many groups and individuals here about our own legislation – worries that were given a lone voice in the Dáil debate by Labour TD Seán Sherlock.

The German court found that enacting any data retention legislation requires a regard for what it termed the exceptional intensity of the interference with human rights that result from such measures. It therefore obligates the government to have clear and transparent measures in place to ensure data safety, data use, and adequate legal remedy available to citizens for misuse of personal data.

It said retention legislation must set a very high standard for safety of all data, and this cannot be balanced against a general burden of cost, whoever that may lie with. It underlined that access to data should only be allowed in cases targeting most serious crimes and terrorist offences. It argued that individuals must be notified after the fact that their information was accessed for an inquiry.

All of these issues have been highlighted as a concern in Ireland, where the Government has tried to downgrade the level of the crimes that our legislation applies to; does not outline a quality of service that must be met to protect data; does not cover the costs of managing and protecting data, but passes them on to the internet and telecoms sector; and does not give adequate legal remedy to citizens nor adequate oversight. Irish legislation would not meet the provisions laid out by the German court.

Privacy advocacy group Digital Rights Ireland has already brought a constitutional case against the Government in the High Court on the constitutionality of Irish legislation. This is widely expected to be referred to the European Court of Human Rights and prove a test case on the issue for the EU as a whole, where the German case will signal issues likely to prove troublesome for Irish and other EU nations’ retention laws.

Full text.

6 comments March 4th, 2010

Press Release on German Data Retention Decision

The civil rights organisation which brought the successful challenge to data retention before the German Constitutional Court has now issued a press release on that decision. Here’s the full text:

Press release by the German Working Group on Data Retention (AK Vorrat)

2 March 2010:

After data retention ruling: Civil liberties activists call for political end to retention of telecommunications data

+++ Data retention opposed by 70% of German population +++ European
Citizens’ Initiative for repealing the EU directive on data retention announced +++ Legal action to be continued +++

The German Working Group on Data Retention has today announced a Europe-wide campaign to end Internet and telephone data retention. This follows the German Constitutional Court’s ruling on a mass complaint made by more than 34,000 citizens. According to a newly-published poll, 69.3% of all Germans oppose data retention, making it the most strongly rejected surveillance law.[1]

“The recording of confidential contacts and movements of the entire population in the absence of any suspicion is unacceptable and must stop immediately”, says Florian Altherr of the Working Group. “In starting an initiative to this end, the Federal Minister of Justice can count on the support of EU Commissioner Viviane Reding as well as of many states such as Austria, Belgium and Romania, all of which do not have data retention laws in place.”

“In order to bring the massive rejection of blanket data retention home to politicians we are in the process of preparing a European Citizens’
Initiative. With the signatures of one million opponents to the permanent logging of our Internet and phone use we want to pursuade the EU to repeal its data retention directive”, announces data protection activist padeluun of the Working Group.

Patrick Breyer of the Group adds: “At the same time we will continue our legal fight against data retention. Today’s decision proclaiming the recording of the entire population’s behaviour in the absence of any suspicion compatible with our fundamental rights is unacceptable and opens the gates to a surveillance state.”

The German Working Group on Data Retention is making five political demands after today’s ruling:
1. The Federal Government, the Federal Minister of Justice and Parliaments must now cooperate with other like-minded states and bodies to take steps to repeal the redundant and detrimental data retention directive.
2. The German law on data retention, going far even beyond EU requirements and – according to the German Constitutional Court – unconstitutional, must not be re-enacted.
3. European citizens should be given the right to file constitutional complaints directly with the European Court of Justice.
4. The Federal Government must not agree to any further collection of information on citizens not suspected of any wrong-doing in the name of security, such as the air travellers file proposed by the EU. Mass data pools that were introduced in the past, such as the registration of Internet use by the Federal Office for Information Security or the employee information system ELENA, must be closed down.
5. An independent review of all existing “security” measures must take place in order to systematically examine their compatibility with our fundamental rights, their effectiveness, their cost, their harmful side-effects and alternatives.

Background information:

Communications data enables the tracing of who has contacted whom via telephone, mobile phone or e-mail. In the case of mobile calls or text messages via mobile phone, the user’s location is also logged. Data retention allows citizens’ movements to be traced and personal and business contacts to be monitored. Information regarding the content of communications such as personal interests and individual life circumstances can also be deduced.

A study commissioned in 2008 shows that data retention is acting as a serious deterrent to the use of telephones, mobile phones, e-mail and Internet. The survey conduced by research institute Forsa found that with communications data retention in place, one in two Germans would refrain from contacting a marriage counsellor, a psychotherapist or a drug abuse counsellor by telephone, mobile phone or e-mail if they needed their help. One in thirteen people said they had refrained from using telephone, mobile phone or e-mail at least once because of data retention, which extrapolates to 6.5 mio. Germans in total.

German NGO Working Group on Data Retention (Arbeitskreis
Vorratsdatenspeicherung) organised several protest marches against the scheme. Last year, 20.000 people protested against surveillance in Berlin.[2] About Arbeitskreis Vorratsdatenspeicherung (German Working Group on Data
Retention):

The Arbeitskreis Vorratsdatenspeicherung (AK Vorrat) is a Germany-wide organisation which campaigns against extensive surveillance in general and the blanket logging of telecommunications and other behavioural data in particular.

Homepage and contact details: http://www.vorratsdatenspeicherung.de

Footnotes and Links:

[1] Poll on data retention (in German):

http://www.vorratsdatenspeicherung.de/images/infas-umfrage.pdf

[2] Protest march “Freedom not Fear”:

http://www.vorratsdatenspeicherung.de/content/view/333/79/lang,en/

About Arbeitskreis Vorratsdatenspeicherung (German Working Group on Data Retention):
The Arbeitskreis Vorratsdatenspeicherung (AK Vorrat) is a Germany-wide organisation which campaigns against extensive surveillance in general and the blanket logging of telecommunications and other behavioural data in particular.
Homepage und contact details: http://www.vorratsdatenspeicherung.de

Add comment March 3rd, 2010

German Constitutional Court strikes down data retention law

Great news from Germany, where the Federal Constitutional Court has found data retention law to be incompatible with the right to privacy under the German Constitution. More thoughts on the decision and the implications for our own case at a later stage, but for the meantime here’s the initial AP report:

MELISSA EDDY Associated Press Writer

5:23 AM EST, March 2, 2010

BERLIN (AP) — Germany’s highest court on Tuesday overturned a law allowing authorities to retain data on telephone calls and e-mail traffic for help in tracking criminal networks.

A law ordering data on calls and e-mail exchanges be retained for six months for possible use by criminal authorities violated Germans’ constitutional right to private correspondence and must be revised, the Federal Constitutional Court ruled.

In its ruling, the court said the law failed to sufficiently balance the need for personal privacy against that for providing security, although it did not rule out data retention in principle.

“The disputed instructions neither provided a sufficient level of data security, nor sufficiently limited the possible uses of the data,” the court said.

Nearly 35,000 Germans had appealed to the court to overturn the law, which stems from a 2006 European Union anti-terrorism directive requiring telecommunications companies to retain phone data and Internet logs for a minimum of six months in case they are needed for criminal investigations.

The court upheld the EU directive, saying the problem lay instead with how the German parliament chose to interpret it.

Under the German law, which went into effect Jan. 2008, information about all calls from mobile or landline phones was retained for six months, including who called whom, from where and for how long.

The following year, that law was expanded to include the data surrounding all contact via e-mail.

Although the laws forbid authorities from retaining the contents of either form of communication, they met with fierce opposition from civil rights groups.

“Massive amounts of data about German citizens who pose no threat and are not suspects is being retained,” Germany’s commissioner for data security issues, Peter Schaar, told ARD’s morning show.

Experts argue the information is crucial to being able to trace crimes involving heavy use of the Internet, including tracking terror networks and pursuing child pornography.

3 comments March 2nd, 2010