Skip to main content
SpringerLink
Log in

Data Retention in Germany

  • Chapter
  • First Online:
European Constitutional Courts towards Data Retention Laws

Part of the book series: Law, Governance and Technology Series ((ISDP,volume 45))

Abstract

In Germany, the laws that implemented the EU Data Retention Directive (DRD) triggered the largest mass constitutional complaint in the history of the Federal Republic of Germany. The Federal Constitutional Court (FCC) reached a fundamental judgment in March 2010. This decision has had a significant impact on the following discussions and, to a certain extent, the judgments of the European Court of Justice (CJEU). Its grounds are characterised by a number of novel considerations. The FCC refined the protection the guarantee of the inviolability of telecommunications secrecy provides. It struggled with the key issue of whether precautionary data retention without cause could be constitutional at all. It then developed a bundle of concrete and in part detailed constitutional requirements that result in a network of dovetailed substantive and procedural safeguards. It also dealt with the question to what extent the legislator may impose obligations on telecommunications service companies, among others on anonymisation services. This chapter explains how the DRD was implemented in Germany, describes the proceedings before the FCC and analyses its judgment in detail, together with a number of agreeing as well as critical comments. Data retention is an illustrative example of how the Internet impacts the forms surveillance takes and to what extent new challenges for fundamental rights are emerging. It also proves to be a good example of the interactions between courts, in particular between member states’ instance courts, national constitutional courts and the CJEU.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 129.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 169.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 169.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    There are fields other than telecommunications, e. g. the retention of passenger name records, cf. CJEU (Grand Chamber), Opinion of 26 July 2017—1/15, curia.europa.eu; Vedaschi and Marino Noberasco (2017), or the retention of banking data to keep them available in combating money laundering and financing of terrorism, see inter alia Milaj and Kaiser (2017).

  2. 2.

    See FCC, Judgment of 15 December 1983—1 BvR 209/83 et al., BVerfGE (Volume of the decisions of the FCC) 65, pp. 46 and 47.

  3. 3.

    Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC, OJ L 105/54.

  4. 4.

    In particular: Gesetz zur Neuregelung der Telekommunikationsüberwachung und anderer verdeckter Ermittlungsmaßnahmen sowie zur Umsetzung der Richtlinie 2006/24/EG of 21 December 2007, BGBl I 3198.

  5. 5.

    As to the business purposes, § 96 TKG provides the possibility of storing and using telecommunications data to the extent necessary for purposes such as charging and invoicing the parties or recognising deficiencies of telecommunications equipment.

  6. 6.

    Cf. more closely Albers (2001), p. 334 f.; Gazeas (2014), p. 228 f., 501 ff.

  7. 7.

    § 113a sect. 6 TKG (former version).

  8. 8.

    § 113a sect. 11 TKG (former version).

  9. 9.

    § 113a sect. 10 TKG (former version).

  10. 10.

    This means that if authorities already knew an IP address through their own investigations, they should be able to request information as to which subscriber the address belonged to.

  11. 11.

    The Code of Criminal Procedure provides for duties of ex post-notification of the persons affected by measures and subsequent judicial relief.

  12. 12.

    §§100g sect. 2 in conjunction with 100a sect. 3 StPO (former version).

  13. 13.

    Judgment of the FCC of 2 March 2010, 1 BvR 256/08, 263/08, and 586/08= BVerfGE 125, 260 (with dissenting opinions of two judges). This judgment developed several new considerations but also built on the court’s jurisdiction which had been developed since the census decision of 1983. See, e. g. FCC, Judgment of 14 July 1999—1 BvR 2226/94 et al. = BVerfGE 100, 313; Judgment of 3 March 2004—1 BvR 2378/98 et al. = BVerfGE 109, 279; Decision of 3 March 2004—1 BvF 3/92 = BVerfGE 110, 33; Judgment of 27 February 2008 – 1 BvR 370/07 et al. = BVerfGE 120, 274.

  14. 14.

    Cf. FCC, Decision of 22 October 1986—2 BvR 197/83 = BVerfGE 73, 339; Decision of 7 June 2000—2 BvL 1/97 = BVerfGE 102, 147; Decision of 13 March 2007—1 BvF 1/05 = BVerfGE 118, 79.

  15. 15.

    Judgment of the CJEU of 10 February 2009, C-301/06.

  16. 16.

    Cf. Judgment of the FCC of 2 March 2010, 1 BvR 256/08, 263/08, and 586/08, § 182.

  17. 17.

    Albers and Reinhardt (2010), p. 769.

  18. 18.

    Britz (2015), p. 277.

  19. 19.

    As to problems in determining the appropriate fundamental right in the field of telecommunications and the Internet cf. FCC, Judgment of 2 March 2006—1 BvR 2099/04 = BVerfGE 115, 166 (185 ff.). Cf. also Albers (2010b), p. 1064.

  20. 20.

    Judgment of the FCC of 2 March 2010, 1 BvR 256/08, 263/08, and 586/08, § 192.

  21. 21.

    It does not matter whether the communication contents are of a private nature or serve business purposes see, e.g. FCC, Judgment of 14 July 1999—1 BvR 2226/94 et al. = BVerfGE 100, 313 (358).

  22. 22.

    This is settled case law, see, e.g. FCC, Decision of 20 June 1984—1 BvR 1494/78 = BVerfGE 67, 157 (172); Decision of 25 Mar 1992—1 BvR 1430/88 = BVerfGE 85, 386 (396).

  23. 23.

    More closely: Judgment of the FCC of 2 March 2010, 1 BvR 256/08, 263/08, and 586/08, § 211. See also Tzanou (2017), p. 79, who highlights these considerations.

  24. 24.

    Leading decision in this respect: FCC, Judgment of 14 July 1999—1 BvR 2226/94 et al. = BVerfGE 100, 313 (359).

  25. 25.

    See FCC, Judgment of 14 July 1999—1 BvR 2226/94 et al. = BVerfGE 100, 313 (365).

  26. 26.

    Cf. Judgment of the FCC of 2 March 2010, 1 BvR 256/08, 263/08, and 586/08, § 191, 305.

  27. 27.

    Judgment of the FCC of 2 March 2010, 1 BvR 256/08, 263/08, and 586/08, § 193.

  28. 28.

    Judgment of the FCC of 2 March 2010, 1 BvR 256/08, 263/08, and 586/08, § 192 ff.

  29. 29.

    Judgment of the FCC of 15 December 1983, 1 BvR 209/83 et al. = BVerfGE 65, 1 (46 and 47).

  30. 30.

    Judgment of the FCC of 2 March 2010, 1 BvR 256/08, 263/08, and 586/08, § 207.

  31. 31.

    Concerning the significance of purpose determination see Albers (2005), p. 498 ff.; von Grafenstein (2018), p. 231 ff.

  32. 32.

    Judgment of the FCC of 2 March 2010, 1 BvR 256/08, 263/08, and 586/08, § 207.

  33. 33.

    Judgment of the FCC of 2 March 2010, 1 BvR 256/08, 263/08, and 586/08, § 207. This consideration is settled case law and is rooted in the notion that legislation should have a margin of assessment in this respect. This notion and the margin of assessment are the reference point for the now widely acknowledged duty of legislation to establish evaluations by means of which the accuracy of legislative assumptions at the time of the enactment of a law is later checked (duties of legislation to observe developments and to improve the law if necessary).

  34. 34.

    Judgment of the FCC of 2 March 2010, 1 BvR 256/08, 263/08, and 586/08, § 208.

  35. 35.

    Judgment of the FCC of 2 March 2010, 1 BvR 256/08, 263/08, and 586/08, § 212.

  36. 36.

    FCC, Judgment of 27 February 2008—1 BvR 370/07 et al., § 181 et sqq. = BVerfGE 120, 274 (306 ff.).

  37. 37.

    Judgment of the FCC of 2 March 2010, 1 BvR 256/08, 263/08, and 586/08, § 214.

  38. 38.

    Judgment of the FCC of 2 March 2010, 1 BvR 256/08, 263/08, and 586/08, § 218.

  39. 39.

    More closely Roßnagel (2010), p. 1240 f.

  40. 40.

    Cf. FCC, Judgment of 2 March 2010, 1 BvR 256/08, 263/08, and 586/08, § 218.

  41. 41.

    See also the comparison with Decision no. 1258 of the Romanian Constitutional Court of 8 October 2009 in: De Vries et al. (2011), p. 13 ff.

  42. 42.

    Judgment of the FCC of 2 March 2010, 1 BvR 256/08, 263/08, and 586/08, § 221 et sqq.

  43. 43.

    Cf. Clarke (2015), p. 128: Data retention measures and huge volumes of highly sensitive data result in a concentrated “honey-pot” which attracts attacks.

  44. 44.

    Judgment of the FCC of 2 March 2010, 1 BvR 256/08, 263/08, and 586/08, § 226: “The drafting of these provisions on use, in a manner that is not disproportionate, thus not only decides on the constitutionality of these provisions, which in themselves constitute an encroachment, but has also an effect on the constitutionality of the storage as such.”

  45. 45.

    Judgment of the FCC of 2 March 2010, 1 BvR 256/08, 263/08, and 586/08, § 238.

  46. 46.

    Judgment of the FCC of 2 March 2010, 1 BvR 256/08, 263/08, and 586/08, § 231. Cf. also already FCC, Judgment of 27 Feb 2008—1 BvR 370/07 et al., § 247 et sqq.= BVerfGE 120, 274 (328 f.).

  47. 47.

    Judgment of the FCC of 2 March 2010, 1 BvR 256/08, 263/08, and 586/08, § 233.

  48. 48.

    In this respect, Article 10 (2) Basic Law allows the replacement of pre-emptive judicial supervision by supervision carried out by an agency or auxiliary agency appointed by parliament.

  49. 49.

    Judgment of the FCC of 2 March 2010, 1 BvR 256/08, 263/08, and 586/08, § 247 et sqq.

  50. 50.

    Judgment of the FCC of 2 March 2010, 1 BvR 256/08, 263/08, and 586/08, § 243 et sqq.

  51. 51.

    Judgment of the FCC of 2 March 2010, 1 BvR 256/08, 263/08, and 586/08, § 254 et sqq.

  52. 52.

    Judgment of the FCC of 2 March 2010, 1 BvR 256/08, 263/08, and 586/08, § 293 et sqq.

  53. 53.

    Judgment of the FCC of 2 March 2010, 1 BvR 256/08, 263/08, and 586/08, § 300 et sqq.

  54. 54.

    Cf. Albers (2010a). See also more broadly Clarke (2015), p. 129 ff. Empirical studies are complicated and rare; see, as an example, Max Planck Institut für ausländisches und internationales Strafrecht (2011).

  55. 55.

    Judgment of the CJEU (Grand Chamber) of 8 April 2014, C-293/12 and C-594/12, available under curia.europa.eu. On the difficulties caused by the limited areas of competence of the EU, which also explain why the DRD rules on access by security authorities do not go into detail, see Bignami (2011), p. 238 ff. We also must note that, at this point and in subsequent points, the judgment of the CJEU of 10 February 2009, on the one hand, and the CJEU-judgment of 8 April 2014, on the other hand, are not consistent in every respect.

  56. 56.

    Judgment of the CJEU (Grand Chamber) of 8 April 2014, C-293/12 and C-594/12, §§ 27, 56. The CJEU added that the retention of the data might impact the exercise of the freedom of expression.

  57. 57.

    Judgment of the CJEU (Grand Chamber) of 8 April 2014, C-293/12 and C-594/12, § 39 et sqq.

  58. 58.

    Judgment of the CJEU (Grand Chamber) of 8 April 2014, C-293/12 and C-594/12, § 66 et sqq.

  59. 59.

    Judgment of the CJEU (Grand Chamber) of 8 April 2014, C-293/12 and C-594/12, § 58.

  60. 60.

    Judgment of the CJEU (Grand Chamber) of 8 April 2014, C-293/12 and C-594/12, § 60 et sqq.

  61. 61.

    Judgment of the CJEU (Grand Chamber) of 8 April 2014, C-293/12 and C-594/12, § 62.

  62. 62.

    Judgment of the CJEU (Grand Chamber) of 8 April 2014, C-293/12 and C-594/12, § 56 et sqq.

  63. 63.

    Judgment of the CJEU (Grand Chamber) of 8 April 2014, C-293/12 and C-594/12, § 63.

  64. 64.

    Judgment of the CJEU (Grand Chamber) of 8 April 2014, C-293/12 and C-594/12, § 68.

  65. 65.

    Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), OJ L 201/37.

  66. 66.

    Gesetz zur Einführung einer Speicherpflicht und einer Höchstspeicherfrist für Verkehrsdaten, v. 10.12.2015, BGBl. I 2218.

  67. 67.

    Judgment of the CJEU (Grand Chamber) of 21 December 2016, C-203/15 and C-698/15.

  68. 68.

    Cf. for an overview also the Eurojust-Report, Data retention regimes in Europe in light of the CJEU ruling of December 2016 in Joined cases C-203/15 and C-698/15, Council EU, Doc 10098/17.

  69. 69.

    FCC, Ruling of 8 June 2016, 1 BvQ 42/15, and ruling of 26 March 2017, 1 BvR 3156/15.

  70. 70.

    Administrative Court of Cologne, Ruling of 25 January 2017—9 L 1009/16; Higher Administrative Court of North Rhine-Westphalia, Ruling of 22 June 2017—13 B 238/17; Administrative Court of Cologne, Judgment of 20 April 2018—9 K 3859/16.

  71. 71.

    Cf. Higher Administrative Court of North Rhine-Westphalia, Ruling of 22 June 2017—13 B 238/17, § 80 et sqq.; Administrative Court of Cologne, Judgment of 20 April 2018—9 K 3859/16, § 88 et sqq.

  72. 72.

    1 BvR 141/16, 229/16, 2023/16 and 2683/16.

  73. 73.

    Judgment of the CJEU (Grand Chamber) of 2 October 2018, C-207/16, § 57 et sqq., curia.europa.eu. The CJEU has explicitly excluded the question of whether the Spanish Ley 25/2007 de conservación de datos relativos a las comunicaciones electrónicas y a la redes públicas de comunicaciones that provides for obligations to retain data under the invalid DRD is consistent with the requirements laid down in Article 15(1) of Directive 2002/58.

  74. 74.

    See point 3 of this chapter.

  75. 75.

    Cf. Bennett et al. (2014), p. 6: Surveillance was once literally “watching”; now, it is also “seeing with data.”

  76. 76.

    See more closely Slaughter (2004), Maduro (2009), Voßkuhle (2010) and Albers (2012).

  77. 77.

    Cf. also Kühling (2014); Granger and Irion (2014), p. 844 ff.

References

  • Albers M (2001) Die Determination polizeilicher Tätigkeit in den Bereichen der Straftatenverhütung und der Verfolgungsvorsorge. Duncker & Humblot, Berlin

    Book  Google Scholar 

  • Albers M (2005) Informationelle Selbstbestimmung. Nomos, Baden-Baden

    Book  Google Scholar 

  • Albers M (2010a) Funktionen, Entwicklungsstand und Probleme von Evaluationen im Sicherheitsrecht. In: Albers M, Weinzierl R (eds) Menschenrechtliche Standards in der Sicherheitspolitik. Beiträge zur rechtsstaatsorientierten Evaluierung von Sicherheitsgesetzen. Nomos, Baden-Baden, pp 25–54

    Chapter  Google Scholar 

  • Albers M (2010b) Grundrechtsschutz der Privatheit. Deutsches Verwaltungsblatt (DVBl) 125:1061–1069

    Google Scholar 

  • Albers M (2012) Höchstrichterliche Rechtsfindung und Auslegung gerichtlicher Entscheidungen. In: Grundsatzfragen der Rechtsetzung und Rechtsfindung, VVDStRL, vol 71. de Gruyter, Berlin, pp 257–295

    Google Scholar 

  • Albers M, Reinhardt J (2010) Vorratsdatenspeicherung im Mehrebenensystem: Die Entscheidung des BVerfG vom 2. 3. 2010. Zeitschrift für das juristische Studium (ZJS):767–774

    Google Scholar 

  • Bennett CJ, Haggerty KD, Lyon D, Steeves V (2014) Transparent lives: surveillance in Canada. AU Press, Edmonton

    Book  Google Scholar 

  • Bignami F (2011) Privacy and law enforcement in the European Union: the data retention directive. Chicago Journal of International Law, Spring 2007, Duke Science, Technology & Innovation Paper No. 13. Available at SSRN: https://ssrn.com/abstract=955261

  • Britz G (2015) Grundrechtsschutz durch das Bundesverfassungsgericht und den Europäischen Gerichtshof. Europäische Grundrechte-Zeitschrift (EuGRZ) 42:275–281

    Google Scholar 

  • Clarke R (2015) Data retention as mass surveillance: the need for an evaluative framework. Int Data Privacy Law 5(2):121–132

    Article  Google Scholar 

  • De Vries K, Bellanova R, De Hert P, Gutwirth S (2011) The German Constitutional Court judgment on data retention: proportionality overrides unlimited surveillance (Doesn’t It?). In: Gutwirth S, Poullet Y, De Hert P, Leenes R (eds) Computers, privacy and data protection: an element of choice. Springer, Dordrecht, pp 3–23

    Chapter  Google Scholar 

  • Gazeas N (2014) Übermittlung nachrichtendienstlicher Erkenntnisse an Strafverfolgungsbehörden. Duncker & Humblot, Berlin

    Book  Google Scholar 

  • Granger MP, Irion K (2014) The Court of Justice and the data retention directive in Digital Rights Ireland. Telling off the EU legislator and teaching a lesson in privacy and data protection. Eur Law Rev 39:835–850

    Google Scholar 

  • Kühling J (2014) Der Fall der Vorratsdatenspeicherungsrichtlinie und der Aufstieg des EuGH zum Grundrechtsgericht. Neue Zeitschrift für Verwaltungsrecht (NVwZ) 2014:681–685

    Google Scholar 

  • Maduro MP (2009) Courts and pluralism: essay on a theory of judicial adjudication in the context of legal and constitutional pluralism. In: Dunoff L, Trachtmann JP (eds) Ruling the World? Cambridge University Press, Cambridge, pp 356–380

    Chapter  Google Scholar 

  • Max-Planck-Institut für ausländisches und internationales Strafrecht (2011) Schutzlücken durch Wegfall der Vorratsdatenspeicherung? Eine Untersuchung zu Problemen der Gefahrenabwehr und Strafverfolgung bei Fehlen gespeicherter Telekommunikationsverkehrsdaten. Gutachten im Auftrag des Bundesamtes für Justiz, 2. Aufl., Freiburg i.Br

    Google Scholar 

  • Milaj J, Kaiser C (2017) Retention of data in the new anti-money laundering directive – “need to know” versus “nice to know”. Int Data Privacy Law 7(2):115–125

    Article  Google Scholar 

  • Roßnagel A (2010) Die “Überwachungs-Gesamtrechnung” – Das BVerfG und die Vorratsdatenspeicherung. Neue Juristische Wochenschrift (NJW) 63:1238–1242

    Google Scholar 

  • Slaughter A-M (2004) A new World order. Princeton University Press, Princeton

    Google Scholar 

  • Tzanou M (2017) The fundamental right to data protection: normative value in the context of counter-terrorism surveillance. Hart Publishing, Oxford

    Google Scholar 

  • Vedaschi A, Marino Noberasco G (2017) From DRD to PNR: looking for a new balance between privacy and security. In: Cole DD, Fabbrini F, Schulhofer S (eds) Surveillance, privacy and transatlantic relations. Hart Publishing, Oxford, pp 67–87

    Google Scholar 

  • von Grafenstein M (2018) The principle of purpose limitation in data protection laws. Nomos, Baden-Baden

    Book  Google Scholar 

  • Voßkuhle A (2010) Der europäische Verfassungsgerichtsverbund. Neue Zeitschrift für Verwaltungsrecht (NVwZ):1–8

    Google Scholar 

Download references

Acknowledgement

Thanks to Matthew Harris for a thorough proofreading of this text.

Author information

Authors and Affiliations

  1. Hamburg University, Hamburg, Germany

    Marion Albers

Authors
  1. Marion Albers
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Marion Albers .

Editor information

Editors and Affiliations

  1. Department of Constitutional Law, Faculty of Law and Administration, University of Warsaw, Warsaw, Poland

    Marek Zubik

  2. Department of Constitutional Law, Faculty of Law and Administration, University of Warsaw, Warsaw, Poland

    Jan Podkowik

  3. Department of Constitutional Law, Faculty of Law and Administration, University of Warsaw, Warsaw, Poland

    Robert Rybski

Rights and permissions

Reprints and permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this chapter

Check for updates. Verify currency and authenticity via CrossMark

Cite this chapter

Albers, M. (2021). Data Retention in Germany. In: Zubik, M., Podkowik, J., Rybski, R. (eds) European Constitutional Courts towards Data Retention Laws. Law, Governance and Technology Series(), vol 45. Springer, Cham. https://doi.org/10.1007/978-3-030-57189-4_8

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-57189-4_8

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-57188-7

  • Online ISBN: 978-3-030-57189-4

  • eBook Packages: Law and CriminologyLaw and Criminology (R0)

Publish with us

Policies and ethics

Search

Navigation