- Guidelines attempt difficult balancing act between freedom and security
- Central technical and legal questions remain unanswered
- Uncertainty places burden on companies – now going into second round
The highly controversial Blanket Data Retention is coming: The German Federal Ministry for Justice and the Ministry for the Interior have come to an agreement regarding a proposal. Under the new nomenclature “Guidelines for the Introduction of an Obligation to Store Traffic Data and the Highest Storage Time Limits”, the difficult balancing act between freedom and security is being attempted. eco – Association of the German Internet Industry e. V. rejects the proposal on several grounds. Oliver Süme, Director of Policy and Law, remarks: “The guidelines are a lazy compromise. Despite reduced data, storage time limits and the requirement for a court decision, blanket data retention remains unfounded surveillance of the communication of citizens in the digital world. Both technical and legal questions remain unanswered and the uncertainty for companies is now going into the next round.”
Freedom versus security
The guidelines, a compromise negotiated between the Ministry for Justice and the Ministry for the Interior, attempt the difficult balancing act between rights to freedom and the need for security. “This attempt will not succeed with unfounded retention. The encroachment into the fundamental rights of citizens and the costs associated with this are in no way proportionate to the as yet unproven increase in effectiveness for law enforcement. Shorter retention times and the exclusion of communication content and e-mails does not change this,” Süme explains. In addition, it remains questionable whether the compromise between the ministries can be maintained in the further legislative process.
Open questions
The guidelines also open a long list of new questions on the central technical and legal parameters which the companies obligated to implement blanket data retention will be left to deal with alone. For example, the manner of dealing with professions subject to professional secrecy is unclearly regulated: The traffic data from individuals with the right not to testify would still be retained, but analysis of this data would be prohibited. Essential framework parameters, such as encryption, storage, access protection and tamper-proof logging are not adequately defined. The stipulation is for “highest-possible state-of-the-art security”. Therefore, it remains questionable whether the guidelines comply with the requirements from the ECJ and the German Federal Constitutional Court with regard to constitutional and European law. “In the implementation of the security requirements, the technical complexity, financial investment and the feasibility of the implementation are as yet not foreseeable. Companies are being left to deal with this alone. For small and medium-sized providers of telecommunication services in particular, this may mean considerable expense,” Süme criticizes. “Should this be shaped into legislation, then significantly more clarity is required.”
Uncertainty going into the next round
The questions raised by the verdict of the German Federal Constitutional Court and the European Court of Justice are not answered by the guidelines. As a result, it is doubtful whether the attempt to re-introduce blanket data retention will not again be thrown out by the courts. “This time, the constitutionality must be explicitly examined before the introduction and implementation of blanket data retention,” Süme demands. “Especially against the backdrop of the financial expense for the implementation of blanket data retention, it would be prohibitive for companies to once more need to assemble technology for blanket data retention, only to ultimately have it scrapped again.”
It will only be possible for eco to make a conclusive assessment of the intentions when the first concrete draft legislation becomes available. The association continues to reject on fundamental grounds the reintroduction of blanket data retention – also in the sense of the proposed guidelines.
