Virtual Event Today: Supply Chain Security Summit - Join Event In-Progress

Security Experts:

Connect with us

Hi, what are you looking for?



EU Court Rules Against German Data Collection Law

A German law requiring telecoms companies to retain customer data is a breach of EU legislation, a European court ruled Tuesday, prompting the justice minister to vow an overhaul of the rules. 

A German law requiring telecoms companies to retain customer data is a breach of EU legislation, a European court ruled Tuesday, prompting the justice minister to vow an overhaul of the rules. 

Firms Telekom Deutschland and SpaceNet took action in the German courts challenging the law that obliged telecoms companies to retain customers’ traffic and location data for several weeks. 

The case headed to the European Court of Justice (ECJ) in Luxembourg, which ruled against the German legislation.

“EU law precludes the general and indiscriminate retention of traffic and location data,” the court said in a statement, confirming its previous judgements on the issue.

The Federal Administrative Court, one of Germany’s top courts, had argued there was a limited possibility of conclusions being drawn about people’s private lives from the data, and sufficient safeguards were in place. 

But the ECJ said the German legislation — which required traffic data to be retained for 10 weeks, and location for four — applies to a “very broad set” of information. 

It “may allow very precise conclusions to be drawn concerning the private lives of the persons whose data are retained… and, in particular, enable a profile of those persons to be established.”

The stated aim of the law was to prosecute serious criminal offences or prevent specific risks to national security, but the court said that such measures were not permitted on a “preventative basis”.

However, it said that in cases where an EU state faces a “serious threat to national security” that is “genuine and present”, telecoms providers can be ordered to retain data. 

Such an instruction must be subject to review and can only be in place for a period deemed necessary. 

Following the announcement, Justice Minister Marco Buschmann hailed a “good day for civil rights”.

“We will now, swiftly and definitively, remove data retention without cause from the law,” the minister wrote on Twitter.

Data privacy is a sensitive issue in Germany, and its courts have in the past issued rulings aiming to limit security services access to people’s data.

Buschmann is from the liberal FDP party, which has made data protection a key plank of its policies.

Written By

AFP 2023

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...


Many in the United States see TikTok, the highly popular video-sharing app owned by Beijing-based ByteDance, as a threat to national security.The following is...

Mobile & Wireless

As smartphone manufacturers are improving the ear speakers in their devices, it can become easier for malicious actors to leverage a particular side-channel for...


Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...


U.S. fighter jets successfully shot down the high altitude spy balloon launched by and belonging to China.

Application Security

Less than a week after patching critical security defects affecting multiple enterprise-facing products, VMware is warning that one of the flaws is being exploited...