Security News > 2022 > September > Look who's fallen foul of Europe's data retention rules. France and Germany

Look who's fallen foul of Europe's data retention rules. France and Germany
2022-09-21 06:32

On Tuesday, the European Court of Justice issued rulings that limit indiscriminate data retention in France and Germany.

The ECJ determined [PDF] that EU law disallows national legislation that requires indiscriminate retention of telecom traffic and location data to fight crime and protect public safety.

The German law's requirement that telecom firms retain traffic data for 10 weeks and location data for four weeks could allow "Very precise conclusions to be drawn concerning the private lives of the persons whose data are retained," the ruling explains.

The ECJ ruling says that mandatory data retention in defense of national security is allowable when there is a "a serious threat to national security that is shown to be genuine and present or foreseeable." Any such accommodation, the court says, must be subject to judicial review and must be of limited duration related to a specific threat.

Matthias Pfau, co-founder of privacy-focused email service Tutanota, also applauded the ECJ's decision about the German data retention requirement.

Pfau argues that while law-abiding citizens tend to be indifferent to data retention because they believe they have nothing to hide, such sentiment ignores the possibility of oppressive regimes coming to power and using data stores to target political enemies.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/09/21/eu_data_retention/