heise PlusAbo
Anzeige

Data retention: Failure programmed again?

After the federal government has initiated its new proposal for data retention, there is criticism from providers and data protectionists.

listen Print view
A person holds a mobile device, with a warning sign retouched on it, in their right hand, while holding their left hand dismissively towards the camera.

(Image: Andrii Yalanskyi / Shutterstock.com)

5 min. read
By
Contents

The proposal for a new edition of data retention from the federal government supported by CDU, CSU, and SPD has triggered different reactions. Criticism comes from associations of the telecommunications industry, the Federal Commissioner for Data Protection and Freedom of Information, as well as civil society. The planned introduction is welcomed, for example, by police unions.

Some objections from business associations seem rather technical. Frederic Ufer, for the Association of Digital and Telecommunications Providers (VATM), demands that there should be no renewed uncertainties regarding IP address storage. “If companies are obliged to store IP addresses and the data required for their allocation, the specifications must be provided with realistic deadlines,” Ufer demanded. Currently, it is planned that providers must set up the necessary infrastructure within six months after the law comes into force. “The inclusion of IP and port data in networks with Carrier Grade NAT is particularly problematic,” warns Sven Knapp from the Broadband Communications Association (Breko). “This threatens massive technical and economic burdens, especially for small and medium-sized network operators.”

“Unsolicited data storage again”

In addition to deadlines and costs, doubts about the actual compatibility with the legal framework are occupying the Association of the Internet Industry Eco. “The draft fails to meet the requirements of the European Court of Justice and again creates unsolicited data storage without demonstrable added value for law enforcement,” says Eco board member Klaus Landefeld. “Three months of IP address storage does not mean more security, but more data storage on suspicion.” The unsolicited three-month storage goes beyond what is necessary, also complains the Breko.

Videos by heise

Years ago, investigators at the BKA analyzed after what period they regularly received no information about IP users from the providers. In the politically particularly relevant field of depictions of sexual abuse of children, the BKA stated in 2022 that in most cases the data from NCMEC would be handed over to law enforcement within a week, and 80 percent would have been retrievable by providers with a 14-day retention obligation.

BfDI: Storage period without valid justification

This is precisely where a main criticism from the independent Federal Commissioner for Data Protection and Freedom of Information comes in. “The justification for the law refers to police practical experience and that a storage period of three months would likely cover a relevant portion of the significant police matters,” explains a spokesperson. From the BfDI's perspective, there is no sufficient data basis to assess what storage period would actually be balanced. Measured against the most probable case constellations, a storage obligation of two to three weeks would regularly be sufficient even in special danger situations, such as terrorist threats, investigators had argued so far – the draft law now deviates from this and thus does not limit itself to the “absolutely necessary.” The corridor for legally compliant implementation remains extremely narrow, according to the spokesperson for Louisa Specht-Riemenschneider, who is leaving office due to illness.

Clear criticism comes from the German Bar Association. “Even a slimmed-down data retention remains data retention,” it clearly concludes – the regulation does not provide for an exception for holders of professional secrets, such as lawyers. “While the storage period of three months goes far beyond what is necessary, there is no judicial review for its use, nor a restriction to a minimum severity of the crime to be investigated, so that compatibility with constitutional and European law is questionable.” Civil society groups with a digital focus also expressed clear criticism of the plan.

Criticism from the opposition rather reserved

Politically, resistance to the new attempt has so far been reserved. Criticism came from individual politicians of the opposition parties represented in the Bundestag. Green Party parliamentary group deputy Konstantin von Notz sees major legal concerns again despite the changed world situation, and Left Party domestic policy spokesperson Clara Bünger spoke of a “frontal attack on the digital fundamental rights of over 80 million people.” The extra-parliamentary FDP, which has spoken out against the introduction of data retention for years and also while in government, predicts that the plan will fail in court again.

(mki)

Don't miss any news – follow us on Facebook, LinkedIn or Mastodon.

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.

Beliebte Bestenlisten

Alle Angebote
Newsletter heise-Bot heise-Bot Push Nachrichten Push Push-Nachrichten