Data retention contrary to EU law | IT-Medienrecht

Learn more: Data retention in Germany ruled incompatible with EU law by BVerwG. Understand the implications for telecommunications providers now.

Federal Administrative Court Declares Telecommunications Data Retention Unlawful

Federal Administrative Court Declares Telecommunications Data Retention Unlawful

The Federal Administrative Court in Leipzig recently ruled that the provisions of §§ 175 para. 1 sentence 1 in conjunction with 176 TKG are incompatible with Article 15 para. 1 of the ePrivacy Directive (Directive 2002/58/EC). These provisions mandate providers of publicly available telecommunications services to store specific telecommunications traffic data. Consequently, the data retention obligation is not applicable.

Background of the Legal Challenge Against Data Retention

Two telecommunications companies initiated legal proceedings against this decision. They challenged the obligation to retain their customers' telecommunications traffic data. The challenged provisions were initially Section 113a (1) in conjunction with Section 113b TKG (old version), later largely reflected in Section 175 (1) sentence 1 in conjunction with Section 176 TKG.

What Telecommunications Data Was Subject to Retention?

The statutory provisions required the storage of various types of data for specific periods:

Course of the Legal Proceedings

The Cologne Administrative Court initially ruled in favor of the plaintiffs. It determined that telecommunications companies were not obligated to store traffic data for customers using internet access or public telephone services. The court found the storage obligation to be contrary to Union law, rendering it inapplicable.

The case was then escalated. The Federal Network Agency, representing the defendant, filed a jump appeal. Consequently, the Federal Administrative Court suspended proceedings and referred the matter to the Court of Justice of the European Union (ECJ) for a preliminary ruling, as per Article 267 TFEU. This crucial step aimed to clarify fundamental questions of Union law. For more insights into such legal complexities, see our article on data protection madness: when theory and practice collide.

Following the ECJ's judgment on September 20, 2022 (Joined Cases C-793/19 and C-794/19, Space Net et al.), the Federal Administrative Court dismissed the defendants' appeals. The ECJ's decisions often provide significant clarifications on liability and compensation for damages in data-related issues; learn more in our piece on ECJ rulings strengthening data protection.

In its final decision, the court adapted its reasoning to the current provisions of Section 175 (1) sentence 1 in conjunction with Section 176 TKG. This built upon the previous legal situation under Section 113a (1) in conjunction with Section 113b TKG (old version).

Federal Administrative Court's Reasoning on Union Law Incompatibility

The Federal Administrative Court's decision critically evaluated the broad scope of data retention. It concluded that the Telecommunications Act mandated the retention of extensive traffic and location data without sufficient reason. This obligation was applied undifferentiated across the entire country, regardless of specific individuals, timeframes, or geographical areas.

Lack of Objective Criteria and Separate Justification

The court found that this general approach failed to meet Union law requirements. Crucially, no objective criteria were established to link the stored data with any specific objective. Furthermore, the retention of data and access to it represent distinct infringements on fundamental rights, each requiring separate justification. The existing limitations on purposes of use, such as those in Section 177 para. 1 TKG (Section 113c (1) TKG old version), were deemed insufficient. They did not provide the clear and precise rules for data storage required by Union law. Effective legally compliant archiving of emails, for instance, requires much stricter adherence to precise rules.

Specific Issues: Telephone and Internet Services

Regarding telephone services, the regulation mandated retention of data identifying message sources, recipients, connection times, and radio cells used. However, the ECJ mandates a strict limitation of general and indiscriminate retention of traffic and location data solely for national security purposes. This vital restriction was absent in the Telecommunications Act's provisions.

For internet access services, particularly concerning the storage of assigned IP addresses, European Union law permits data retention for specific purposes like combating serious crime or preventing severe threats to public security. However, the Telecommunications Act's regulation failed to impose such a corresponding restriction on the purposes of storage.

The scope of permitted purposes for inventory data disclosure, which influences storage purposes, significantly exceeded Union law's framework. This was true for both the former legal situation (Section 113c para. 1 No. 3 in conjunction with Section 113 para. 1 sentence 3 TKG old version) and the current Section 177 (3) para. 1 No. 3 in conjunction with Section 174 para. 1 sentence 3 TKG.

Primacy of Union Law

Given the ECJ's emphasis on the principle of certainty and clarity of norms, an interpretation consistent with Union law was impossible. Consequently, due to the primacy of Union law, the relevant provisions in the Telecommunications Act concerning data retention cannot be applied.

Conclusion

This landmark ruling by the Federal Administrative Court underscores the critical importance of adhering to Union law, particularly the ePrivacy Directive, in national legislation. Telecommunications providers are thereby freed from a broad and indiscriminate data retention obligation that lacked sufficient legal justification. The decision reinforces the protection of fundamental rights against disproportionate state intervention in data privacy.