Cabinet initiates new data retention

Contents

After the storage of connection data comes the storage of connection data on demand – after 20 years, the plan desired by security authorities is entering another round. But this time, things are different, the federal government promises. Because unlike in previous iterations, the data retention obligation is now to apply “only” to IP connection data.

Internet access providers are to be obliged to store for three months which user was assigned an IP address. And if an IP was used by multiple users simultaneously, which is often the case in mobile communications or cable networks, which port the user was assigned. However, the precautionary storage of IP assignments is expressly not data retention, a spokeswoman for the Federal Ministry of Justice and Consumer Protection (BMJV) explained at noon in Berlin.

The legislative proposal adopted today, Wednesday, is intended to improve the traceability of criminal offenses, even if the connection owner and the user are by no means identical. Hotels that provide Wi-Fi access to their guests, for example, are not covered by the rules. Providers based outside Germany are also not affected by the new regulation, as only providers based in the Federal Republic can be subjected to a corresponding storage obligation.

Hubig: “Time for us to catch up”

The Justice Department, headed by SPD politician Stefanie Hubig, is responsible for the law. The Federal Minister of Justice emphasizes that providers often do not store IP assignments at all or only for a few days, which is too short for the investigating authorities. “Too many crimes – whether child abuse, online fraud, or digital violence – remain unsolved because crucial traces like IP addresses are missing,” says Hubig.

“Many European countries have had such a regulation for a long time – it is time for us to catch up. The principle is: fundamental rights are protected, and at the same time, we are strengthening online law enforcement.” Within the SPD, the plan was particularly controversial over the decades, but recently, internal party resistance to the plan has noticeably decreased. The draft was developed in close coordination with the Federal Ministries of the Interior and Digital Affairs, according to the Justice Department.

With Bitkom, the largest IT industry association in the Federal Republic, welcomes the new data retention. Victims of online crimes must be able to trust that offenses can be successfully prosecuted and perpetrators identified, says President Ralf Wintergerst. “This requires a legally sound regulation that enables prosecution without disproportionately infringing fundamental rights.”

End of the endless loop?

Hubig hopes for an end to the endless loop: “With this draft, we have the chance to bring a 20-year debate about freedom and security online to a reasonable conclusion.” As early as 2007 and 2015, black-red federal governments had initiated data retention measures that were declared legally sound. Both ultimately failed due to legal reality and were restricted by the Federal Constitutional Court and largely rejected by the European Court of Justice.

The current federal government hopes that the judges in Luxembourg will now view the plan more positively – on the one hand, because the scope is smaller compared to previous versions, and on the other hand, because the judges might assess the geopolitical situation differently. The Bundestag still has to debate the new data retention. Rulings by ECJ judges have always been interpreted by proponents and opponents alike to their advantage in the past.

Supplementary rather than replacing Quick Freeze

In addition to the new regulation of data retention, the draft law adopted by the cabinet today also includes a regulation to extend the use of cell phone location data to less serious offenses and to secure other traffic data in cases of suspicion in individual cases. This will oblige providers in particular to store users' communication relationships with other users for up to three months. With a judicial order, this can be extended once for another three months. This approach of data storage after an initial suspicion, also known as Quick Freeze, is now to be implemented in addition to, rather than as an alternative to, data retention.

(mma)