Germany’s general data retention law violates EU law, Europe’s top court ruled on Tuesday, dealing a blow to member states banking on blanket data collection to fight crime and safeguard national security.
The law may only be applied in circumstances where there is a serious threat to national security defined under very strict terms, the Court of Justice of the European Union (CJEU) said.
The ruling comes after major attacks by Islamist militants in France, Belgium and Britain in recent years.
Governments argue that access to data, especially that collected by telecoms operators, can help prevent such incidents, while operators and civil rights activists oppose such access.
The latest case was triggered after Deutsche Telekom (DTEGn.DE) unit Telekom Deutschland and internet service provider SpaceNet AG challenged Germany’s data retention law arguing it breached EU rules.
The German court subsequently sought the advice of the CJEU which said such data retention can only be allowed under very strict conditions.
“The Court of Justice confirms that EU law precludes the general and indiscriminate retention of traffic and location data, except in the case of a serious threat to national security,” the judges said.
“However, in order to combat serious crime, the member states may, in strict compliance with the principle of proportionality, provide for, inter alia, the targeted or expedited retention of such data and the general and indiscriminate retention of IP addresses,” they said.
Excellent work by the court – targeted investigation has been proven to be much more effective than blanket surveillance. Other than that blanket surveillance turns your country into an Orwellian nightmare.